Skip to content
Snippets Groups Projects

use XDG_RUNTIME_DIR instead of /tmp

Merged use XDG_RUNTIME_DIR instead of /tmp
feature-xdg-dirs into main
Merged Johannes Knödtel requested to merge feature-xdg-dirs into main

The issue is, that POSIX only enforces the permissions of the containing directory but not the permissions of the socket itself. This can lead to potential security issues, as the command socket is not built for untrusted input. In the case that XDG_RUNTIME_DIR is not available, a directory under /tmp is created having the correct permissions to protect the socket under it.

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
Please register or sign in to reply