Discussion:
XDG_RUNTIME_DIR permission check
David Faure
2017-01-08 18:16:28 UTC
http://standards.freedesktop.org/basedir-spec/latest says

„The directory MUST be owned by the user, and he MUST be the only one having
read and write access to it. Its Unix access mode MUST be 0700.“

However this is unclear in terms of who is responsible for these "MUST".

Should an application (or library), which wants to use XDG_RUNTIME_DIR, check
these ownership/permission requirements before using it, or are these
constraints simply for the piece of code that sets XDG_RUNTIME_DIR and then
apps can just use it without checking?

Based on the outcome I'll make a patch for the spec, since it seems unclear
right now.
--
David Faure, ***@kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5
Lennart Poettering
2017-01-09 11:35:10 UTC
Post by David Faure
http://standards.freedesktop.org/basedir-spec/latest says
„The directory MUST be owned by the user, and he MUST be the only one having
read and write access to it. Its Unix access mode MUST be 0700.“
However this is unclear in terms of who is responsible for these "MUST".
Should an application (or library), which wants to use XDG_RUNTIME_DIR, check
these ownership/permission requirements before using it, or are these
constraints simply for the piece of code that sets XDG_RUNTIME_DIR and then
apps can just use it without checking?
Based on the outcome I'll make a patch for the spec, since it seems unclear
right now.
When I wrote this I always had in mind that the component setting
XDG_RUNTIME_DIR is responsible for preparing the dir the right way,
and that apps may simply trust that the dir is properly set up when
they see the environment variable set.

That said, people do weird stuff with su/sudo. It might or might not
make sense for apps to superficially check ownership of the dir before
using it. However I am very sure apps should never try to "fix" it if it
doesn't match their expectations, as that most likely would make
things worse, not better in such su/sudo setups.

Lennart
--
Lennart Poettering, Red Hat
Thomas Kluyver
2017-01-09 12:07:24 UTC
Post by Lennart Poettering
That said, people do weird stuff with su/sudo. It might or might not
make sense for apps to superficially check ownership of the dir before
using it. However I am very sure apps should never try to "fix" it if it
doesn't match their expectations, as that most likely would make
things worse, not better in such su/sudo setups.
We have had some issues where users report that XDG_RUNTIME_DIR is set
but not accessible, which I think was due to su/sudo inheriting
environment variables. Presumably in these cases, apps should behave as
though XDG_RUNTIME_DIR is not set, but it might be useful for the spec
to mention this possibility and an appropriate check for it.

Also, is it worth trying to recommend any fallback options when
XDG_RUNTIME_DIR is not set or not usable? As far as I know, there's no
other directory which offers the same guarantees, but we still want our
app to run. In our case, we create a private directory under
XDG_DATA_HOME, but we only use it for regular files, not named pipes or
anything.

Thanks,
Thomas

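The following is an added illustration of the two points raised in the thread, not code from the list or from KDE, systemd or any other project mentioned: the "superficial" ownership and mode check Lennart describes (which returns the directory unusable rather than trying to repair it, so an inherited XDG_RUNTIME_DIR under su/sudo is simply treated as unset, as Thomas suggests) and the private XDG_DATA_HOME fallback Thomas describes. The function names, the `exampleapp` name and the sample directories built by `demo()` are constructed for the example.

```python
import os
import stat
import tempfile


def open_runtime_dir(path, uid=None):
    """Open XDG_RUNTIME_DIR and verify the basedir-spec requirements.

    Returns an open directory fd when the directory is owned by `uid`
    (default: the calling user) and its mode is exactly 0700; otherwise
    returns None. It never attempts to chown/chmod the directory: in
    su/sudo setups the inherited variable usually points at another
    user's directory, and "fixing" it would only make things worse.

    Checking with fstat() on an fd (instead of stat() on the path) ties
    the verdict to the directory that later openat()-style calls on the
    fd will actually use, rather than to a path that may be swapped.
    """
    if uid is None:
        uid = os.getuid()
    try:
        # O_DIRECTORY rejects regular files, O_NOFOLLOW rejects a symlink
        # placed where the directory should be.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError:
        return None
    st = os.fstat(fd)
    if (not stat.S_ISDIR(st.st_mode)
            or st.st_uid != uid
            or stat.S_IMODE(st.st_mode) != 0o700):
        os.close(fd)
        return None
    return fd


def runtime_dir_from_env(environ=os.environ):
    """Resolve XDG_RUNTIME_DIR from the environment; None if unset or unusable."""
    path = environ.get("XDG_RUNTIME_DIR")
    if not path:
        return None
    return open_runtime_dir(path)


def private_fallback_dir(data_home, app_name):
    """Fallback used when no usable runtime dir exists: a private directory
    under XDG_DATA_HOME. As Thomas notes, this lacks the runtime dir's
    guarantees (no tmpfs, no cleanup at logout), so keep regular files
    only there, not sockets or named pipes.
    """
    path = os.path.join(data_home, app_name, "runtime")
    try:
        os.makedirs(path, mode=0o700, exist_ok=True)
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError:
        return None
    try:
        # makedirs is subject to umask; tightening via fchmod acts on the
        # directory we just opened. This is our own directory, so fixing
        # its mode is appropriate here, unlike for XDG_RUNTIME_DIR.
        os.fchmod(fd, 0o700)
    except OSError:
        os.close(fd)
        return None
    os.close(fd)
    return open_runtime_dir(path)


def demo():
    """Run the check against constructed sample directories (not from the thread)."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        good = os.path.join(base, "good")
        os.mkdir(good, 0o700)
        os.chmod(good, 0o700)            # override any umask
        loose = os.path.join(base, "loose")
        os.mkdir(loose)
        os.chmod(loose, 0o755)           # world-readable: violates the spec
        regular = os.path.join(base, "file")
        open(regular, "w").close()
        link = os.path.join(base, "link")
        os.symlink(good, link)
        cases = [("good", good), ("loose", loose), ("regular_file", regular),
                 ("symlink", link), ("missing", os.path.join(base, "nope"))]
        for name, path in cases:
            fd = open_runtime_dir(path)
            results[name] = fd is not None
            if fd is not None:
                os.close(fd)
        results["unset_env"] = runtime_dir_from_env({}) is None
        fd = private_fallback_dir(base, "exampleapp")
        results["fallback"] = (fd is not None
                               and stat.S_IMODE(os.fstat(fd).st_mode) == 0o700)
        if fd is not None:
            os.close(fd)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:13s} {'usable' if ok else 'rejected'}")
```

Only the `good` directory passes; the 0755 directory, the regular file, the symlink and the missing path are all rejected without any attempt to change them, and the fallback directory comes back with mode 0700 regardless of umask.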