GNOME Bugzilla – Bug 646394
orbit should use g_get_user_runtime_dir
Last modified: 2019-02-23 02:42:21 UTC
Would be good to use the XDG runtime directory provided by g_get_user_runtime_dir() instead of /tmp for sockets etc. http://git.gnome.org/browse/ORBit2/tree/src/orb/GIOP/giop.c#n145
Ah - good point :-) It would be nice to use /run for that and have it auto-cleaned when the machine is re-started, rather than lingering like a bad smell. This is all too common:

    $ linc-cleanup-sockets 2>&1 | tee /tmp/log
    Cleaned 1571 files
    30 still live

Apps that crash and don't get their g_atexit handlers don't clean up properly there, and of course we didn't use anonymous sockets; and now machines are stable, people tend not to re-login a lot - so they never run linc-cleanup-sockets ;-)

Huh; anyhow - it sounds like your patch is:

    - tmp_root = g_get_tmp_dir ();
    + tmp_root = g_get_user_runtime_dir ();

and if so it is pre-approved & enthusiastically so etc. please just commit it ;-)

You'll also need to fix ORBit2/linc/test/test-linc.c and linc2/src/cleanup.c - just a sed of g_get_tmp_dir for g_get_user_runtime_dir is fine - go for it !

ATB.
(In reply to comment #1)
> Huh; anyhow - it sounds like your patch is:
>
> - tmp_root = g_get_tmp_dir ();
> + tmp_root = g_get_user_runtime_dir ();
>
> and if so it is pre-approved & enthusiastically so etc. please just commit it
> ;-)

Nah, it would be a bigger patch. The entire function can go away. Since the dir g_get_user_runtime_dir() returns is user specific, you don't need complex logic to create a random name and avoid collisions or anything. You just take the path, and append "/orbit/socket" or so. Done. Elegant, simple, delicious!
Ho hum :-) Well - again, feel free to commit a suitable patch to ORBit2 - if 'make check' passes (or breaks similarly to before) things will be fine. There are essentially a few requirements here:

1. unix domain socket paths cannot be too long:
   + man 7 socket - suggests 108 bytes
2. the orbit socket dir is somewhat special - to avoid people being able to write to your sockets (on any unix).
   + ie. it must be:
     a) reliably find-able - ie. other users must not be able to confuse ORBit2 into using their sockets, and/or create directories with the wrong permissions.
     b) attributes 0700 - so other users cannot traverse into that directory - such that they cannot open the sockets (on lamer Unixes).

AFAIR etc. I guess 1. is fine - as long as the user socket dir is not:

    /home/hippopotamos_defibrilator/.dot-directory-with-long-name/lets/hide/things/deeply/so/they/are/not/findable/orbit2-user-only-owned-dir/finally-0xrandomhexkey

2. b) is of concern - you would hope that this would be true for this directory - are we checking those permissions ?
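The two requirements in the comment above (the sun_path length limit, and a socket directory that is reliably the user's own and mode 0700), turned into checking code. This is an added example, not ORBit2's or GLib's code: it takes the runtime directory as a parameter (in ORBit2 that path would come from g_get_user_runtime_dir()), assumes a POSIX system, and the function names sockdir_check, sockdir_ensure, socket_path_build and sockdir_selftest are invented for this illustration. The 108-byte figure is whatever sizeof(sun_path) is on the build host (108 on Linux, documented in unix(7)), so the code reads it from the struct rather than hard-coding it.

```c
/* Added example, not ORBit2 code: validate a per-user Unix-socket directory
 * and build a socket path that fits sockaddr_un.sun_path. The directory is
 * a parameter; in ORBit2 it would be g_get_user_runtime_dir() + "/orbit". */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum sockdir_status {
    SOCKDIR_OK = 0,
    SOCKDIR_MISSING,     /* cannot be stat'ed or created */
    SOCKDIR_NOT_DIR,     /* symlink or other non-directory: possibly planted */
    SOCKDIR_WRONG_OWNER, /* owned by another uid: not reliably ours (2a) */
    SOCKDIR_BAD_MODE     /* group/other bits set: others can traverse (2b) */
};

/* Requirement 2: the directory must be ours and mode 0700. lstat(), not
 * stat(), so a symlink left by another user is rejected, not followed. */
enum sockdir_status sockdir_check(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0)
        return SOCKDIR_MISSING;
    if (!S_ISDIR(st.st_mode))
        return SOCKDIR_NOT_DIR;
    if (st.st_uid != getuid())
        return SOCKDIR_WRONG_OWNER;
    if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        return SOCKDIR_BAD_MODE;
    return SOCKDIR_OK;
}

/* Create the directory 0700 (a umask can only clear bits, never add them),
 * then re-check it: a pre-existing directory with the wrong owner or mode
 * (EEXIST) is never silently reused. */
enum sockdir_status sockdir_ensure(const char *dir)
{
    if (mkdir(dir, S_IRWXU) != 0 && errno != EEXIST)
        return SOCKDIR_MISSING;
    return sockdir_check(dir);
}

/* Requirement 1: "<dir>/<name>" plus its NUL must fit in sun_path.
 * Returns 0 on success, -1 if too long for out or for sun_path. */
int socket_path_build(const char *dir, const char *name, char *out, size_t outlen)
{
    const size_t limit = sizeof(((struct sockaddr_un *)0)->sun_path);
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen || (size_t)n >= limit)
        return -1;
    return 0;
}

/* Self-test on a scratch directory from mkdtemp() (created 0700, ours).
 * Returns 0 when every check behaves as intended, else the failing step. */
int sockdir_selftest(void)
{
    char top[] = "/tmp/sockdir-XXXXXX", sub[256], link[256], path[256], longdir[200];
    if (mkdtemp(top) == NULL) return 1;
    if (sockdir_check(top) != SOCKDIR_OK) return 2;
    if (chmod(top, 0755) != 0 || sockdir_check(top) != SOCKDIR_BAD_MODE) return 3;
    if (chmod(top, 0700) != 0) return 4;
    snprintf(sub, sizeof sub, "%s/orbit", top);
    if (sockdir_ensure(sub) != SOCKDIR_OK) return 5;   /* creates it */
    if (sockdir_ensure(sub) != SOCKDIR_OK) return 6;   /* idempotent */
    snprintf(link, sizeof link, "%s/lnk", top);
    if (symlink(sub, link) != 0 || sockdir_check(link) != SOCKDIR_NOT_DIR) return 7;
    if (socket_path_build(sub, "socket", path, sizeof path) != 0) return 8;
    memset(longdir, 'a', sizeof longdir - 1);
    longdir[sizeof longdir - 1] = '\0';              /* 199-char dir: too long */
    if (socket_path_build(longdir, "socket", path, sizeof path) != -1) return 9;
    unlink(link); rmdir(sub); rmdir(top);
    return 0;
}

int main(void)
{
    int rc = sockdir_selftest();
    printf("sockdir selftest: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The check-after-mkdir ordering is the point of sockdir_ensure: mkdir with EEXIST tells you nothing about who created the directory, so the owner and mode are verified on whatever is actually there. That matters because g_get_user_runtime_dir() falls back to the user cache directory when XDG_RUNTIME_DIR is unset, and nothing guarantees that fallback is 0700.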
Created attachment 184902 [details] [review] Use user runtime dir instead of tmp
Patch looks great; we should git grep for g_get_tmp_dir and fix the other instances though. Thanks ! and do just commit that, I'm sure you know what you're doing.
ORBit2 is not under active development anymore. Its codebase has been archived: https://gitlab.gnome.org/Archive/orbit2/commits/master Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect reality. Please feel free to reopen this ticket (or rather reactivate the project to GNOME Gitlab, as GNOME Bugzilla is deprecated) if anyone takes the responsibility for active development again.