From 6980aa72cf9d93d7462f449b70c6ed1c022e9e04 Mon Sep 17 00:00:00 2001
From: Johannes Knoedtel <johannes.knoedtel@fau.de>
Date: Tue, 15 Dec 2020 19:12:46 +0100
Subject: [PATCH] use XDG_RUNTIME_DIR instead of /tmp

The issue is that POSIX only enforces the permissions of the containing
directory but not the permissions of the socket itself. This can lead to
potential security issues, as the command socket is not built for untrusted
input. In the case that `XDG_RUNTIME_DIR` is not available, a directory under
`/tmp` is created having the correct permissions to protect the socket under
it.
---
 client/client.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/client/client.py b/client/client.py
index 4423c7e..310abef 100755
--- a/client/client.py
+++ b/client/client.py
@@ -11,6 +11,8 @@ import time
 import logging
 import argparse
 import websockets
+import pathlib
+import tempfile
 
 
 class MPV:
@@ -159,7 +161,14 @@ running""",
     del args.start_mpv
 
     if args.mpv_socket is None:
-        args.mpv_socket = "/tmp/mpvsocket"
+        if "XDG_RUNTIME_DIR" in os.environ:
+            args.tmp_dir = None
+            xdg_runtime_dir = os.environ["XDG_RUNTIME_DIR"]
+        else:
+            args.tmp_dir = tempfile.TemporaryDirectory(dir="/tmp", prefix="mpvsync-")
+            xdg_runtime_dir = args.tmp_dir.name
+
+        args.mpv_socket = pathlib.Path(xdg_runtime_dir) / "mpvsocket"
     elif not is_socket(args.mpv_socket):
         parser.error(
             f"""The given socket path {args.mpv_socket} is not a UNIX socket"""
@@ -183,6 +192,8 @@ def main():
         asyncio.run(async_main(args))
     except KeyboardInterrupt:
         logging.info("Got KeyboardInterrupt. Terminating gracefully.")
+        if args.tmp_dir is not None:
+            args.tmp_dir.cleanup()
         sys.exit(0)
 
 
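Review bot: The new cleanup runs only on `KeyboardInterrupt`; if `async_main` returns normally or raises any other exception the fallback directory (and the socket inside it) is left for interpreter-exit finalisation, which is best-effort. Move the two added lines into a `finally:` clause on the same `try` so every exit path reaches them: `finally:` / `if args.tmp_dir is not None:` / `args.tmp_dir.cleanup()`. That also keeps the `except KeyboardInterrupt:` branch to its log line and `sys.exit(0)`. The `try` statement and `main()` begin before this hunk, and whether mpv still holds the socket at cleanup time cannot be judged from here.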
-- 
GitLab