GNU bug report logs - #66667
[PATCH] Socket forwarding in emacsclient --tramp-prefix example

Previous Next

Full log

Message #26 received at 66667 <at> debbugs.gnu.org (full text, mbox):

From: Peter Oliver <p.d.oliver <at> mavit.org.uk>
To: Björn Bidar <bjorn.bidar <at> thaodan.de>
Cc: 66667 <at> debbugs.gnu.org
Subject: Re: bug#66667: [PATCH] Socket forwarding in emacsclient --tramp-prefix
 example
Date: Sun, 22 Oct 2023 18:09:05 +0100 (BST)

[Message part 1 (text/plain, inline)]

On Sun, 22 Oct 2023, Björn Bidar wrote:

>>  @example
>> -local$ ssh -R12345:localhost:12345 remote
>> -remote$ export EDITOR="emacsclient \
>> -        --server-file=server \
>> -        --tramp=/ssh:remote:"
>> +local$ ssh -R "/tmp/emacs-%r.socket":"$@{XDG_RUNTIME_DIR:-$@{TMPDIR:-/tmp@}/emacs%i@}$@{XDG_RUNTIME_DIR:+/emacs@}/server" remote
>> +remote$ export EMACS_SOCKET_NAME=/tmp/emacs-$USER.socket
>
> If the host has run /run/user it would make sense to setup the Emacs
> socket inside this directory.
> On older systems this might be /var/run/user I think.

It would, sure, but you can’t in general tell from the local side whether the remote side has /run, nor what your UID is there.  You’d need an extra round trip, for which you need ssh’s ControlPersist option to make performant.  This is too complicated for a simple example.

> If the socket fie is in /tmp every other user can read it, using /run/user is
> more secure.

No, the socket will have permissions 0700, so other users won’t be able to read it.  The risk is that other users will be able to cause a nuisance by creating a file of the same name in its place.  Perhaps it’s better to suggest putting the socket in the user’s home directory (which I originally discounted in case of shared NFS home directories)?

-- 
Peter Oliver

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.