Skip to content
Snippets Groups Projects
Commit 6980aa72 authored by Johannes Knödtel's avatar Johannes Knödtel :notes:
Browse files

use XDG_RUNTIME_DIR instead of /tmp 

The issue is, that POSIX only enforces the permissions of the containing
directory but not the permissions of the socket itself. This can lead to
potential security issues, as the command socket is not built for untrusted
input. In the case that `XDG_RUNTIME_DIR` is not available, a directory under
`/tmp` is created having the correct permissions to protect the socket under
it.
parent 2903e7ef
No related tags found
Show whitespace changes
Inline Side-by-side
Showing
with 12 additions and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment