GNU bug report logs - #33847
27.0.50; emacsclient does not find server socket

Previous Next

Package: emacs;

Reported by: Ulrich Mueller <ulm <at> gentoo.org>

Date: Sun, 23 Dec 2018 09:49:01 UTC

Severity: normal

Tags: patch

Merged with 41707

Found in version 27.0.50

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #26 received at 33847 <at> debbugs.gnu.org (full text, mbox):

From: Ulrich Mueller <ulm <at> gentoo.org>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: 33847 <at> debbugs.gnu.org
Subject: Re: 27.0.50; emacsclient does not find server socket
Date: Wed, 26 Dec 2018 16:14:14 +0100

>>>>> On Wed, 26 Dec 2018, Paul Eggert wrote:

> Ulrich Mueller wrote:
>> XDG_RUNTIME_DIR is simply not suitable for the purpose, because (by its
>> specification) it will disappear when the login session ends,

> I think the idea is that XDG_RUNTIME_DIR disappears when all login
> sessions end, so it might survive the current session.

I still don't see why XDG_RUNTIME_DIR would be more secure than using
a directory in TMPDIR. server.el seems to take all necessary precautions
to ensure that the directory is safe:

   server-ensure-safe-dir is a compiled Lisp function in ‘server.el’.

   (server-ensure-safe-dir DIR)

   Make sure DIR is a directory with no race-condition issues.
   Creates the directory if necessary and makes sure:
   - there’s no symlink involved
   - it’s owned by us
   - it’s not readable/writable by anybody else.

In addition, emacsclient checks for the ownership of the socket before
connecting to it.

>> No need for Emacs itself to be setgid, because the directory could
>> be created by calling an auxiliary setgid program (similar to
>> update-game-score).

> That might work, as a solution for people who want Emacs to keep
> running even when they entirely log out.

It would also be rather complicated, and require creation of an emacs
group. Using a directory where the user has write access is easier.
AFAICS, the three candidates for that are TMPDIR, HOME, and
XDG_RUNTIME_DIR.

Emacs 26 uses ${TMPDIR}/emacs${UID}/ or ${HOME}/.emacs.d/server/
depending on the server-use-tcp flag. Emacs 27 will use one of these
two or ${XDG_RUNTIME_DIR} as a default (depending on the environment).
IMHO this is approaching the point where things become unpredictable
and hard to understand for the user. (And making it more customizable
won't make it simpler, I fear.)

If TMPDIR really is insecure (see above), can't the socket be placed
in ${HOME}/.emacs.d/ which is already used in the TCP case? The socket
could be named server-<system-name>, in order to avoid issues with NFS
mounted directories.
This bug report was last modified 3 years and 225 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.