[PATCH] gpg: Avoid using XDG_RUNTIME_DIR as socketdir.

Damien Goutte-Gattat dgouttegattat at incenp.org
Tue Jan 3 19:12:16 CET 2017


On 01/03/2017 07:01 PM, Daniel Kahn Gillmor wrote:
> I disagree with this proposal -- we actually *do* want to use the
> directory that gets removed when the user logs out.

Well, that’s not what this comment in g10/homedir.c appears to say:

   /* It has been suggested to first check XDG_RUNTIME_DIR envvar.
    * However, the specs state that the lifetime of the directory MUST
    * be bound to the user being logged in.  Now GnuPG may also be run
    * as a background process with no (desktop) user logged in.  Thus
    * we better don't do that. */

So, either we *want* a directory that gets removed when the user logs 
out, and in that case we should probably use XDG_RUNTIME_DIR (if it is 
set) instead of hard-coding /run/user/$UID, or we do *not* want to use a 
directory that gets removed, and in that case I believe it would be 
better to make sure we do not end up accidentally using such a directory 
(when XDG_RUNTIME_DIR == /run/user/$UID).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170103/23cba14f/attachment-0001.sig>


More information about the Gnupg-devel mailing list