Re: emacsclient startup messages

[Jim Porter]

On 10/30/2021 10:39 AM, Ulrich Mueller wrote:
> > > > > > On Tue, 26 Oct 2021, Jim Porter wrote:
>
> > I believe this is bug#51327. From how I understand it, this is fallout
> > from the fix for bug#33847 that occurs when `emacsclient' is run and
> > can't find a daemon to connect to. As far as I can tell, it's an
> > indicator of a real bug: the code is checking TMPDIR for the socket
> > even on a system with XDG_RUNTIME_DIR set (and ultimately, the
> > to-be-created daemon will put its socket in XDG_RUNTIME_DIR).
>
> There can be situations where there is an XDG environment for the client
> but not for the daemon.

Right, the patch in bug#33847 should handle that case correctly, but I'm 
pretty sure the current implementation opens users who spawn the Emacs 
daemon on-demand to symlink attacks. That's due to the code needing to 
check both XDG_RUNTIME_DIR and TMPDIR before being sure there's no 
daemon to connect to.

I can think of two ways to avoid this issue:

1) Have a flag that lets users explicitly state whether emacsclient can 
fall back to looking in TMPDIR. Then, if the flag is unset, emacsclient 
will only look in XDG_RUNTIME_DIR; if it is set, it will look in 
XDG_RUNTIME_DIR first, and fall back to TMPDIR if necessary. However, 
this means that either your case in bug#33847 or the "daemon on demand" 
case will need to explicitly set this flag, which is annoying.

2) If XDG_RUNTIME_DIR and ALTERNATE_EDITOR/--alternate-editor are both 
set, never check TMPDIR. This should let both cases work without 
requiring users to explicitly set a flag anywhere, but it the lack of 
explicitness could be more confusing. I think this should work fine in 
all cases, since users running `emacs --daemon' without XDG probably 
won't be using ALTERNATE_EDITOR (the daemon should always be running, so 
there's no need for an alternate editor).

- Jim