On 7/26/25 06:24, Alyssa Ross wrote:
> Demi Marie Obenour writes:
>
>> This moves various calls to mkdir(1) to very early boot, before any
>> services are running. This has two advantages:
>>
>> 1. These directories are guaranteed to exist. Code can just assume that
>> they are there without checking for them.
>>
>> 2. Malicious code running as an unprivileged user cannot create
>> directories under /tmp before legitimate code has done so.
>>
>> Also, it creates the various directories used by X11 with restrictive
>> permissions to prevent untrusted code from writing to them, and sets up
>> /run/user/0 to provide $XDG_RUNTIME_DIR.
>>
>> The copyright notice for directory creation is not kept because making
>> four directories with well-known names and permissions is not
>> copyrightable.
>
> Missing S-o-b.

Will fix in v7.

>> ---
>> img/app/etc/s6-linux-init/scripts/rc.init | 8 ++++++++
>> img/app/etc/s6-rc/wayland-proxy-virtwl/run | 10 ----------
>> 2 files changed, 8 insertions(+), 10 deletions(-)
>>
>> diff --git a/img/app/etc/s6-linux-init/scripts/rc.init b/img/app/etc/s6-linux-init/scripts/rc.init
>> index c5a59245ff3761e94acb974edde967806fb3b234..6f2db32935332793faf47e3c68e42b0afd537a2d 100755
>> --- a/img/app/etc/s6-linux-init/scripts/rc.init
>> +++ b/img/app/etc/s6-linux-init/scripts/rc.init
>> @@ -7,4 +7,12 @@ if { s6-rc-init -c /etc/s6-rc /run/service }
>> if { modprobe overlay }
>> if { mount -a --mkdir }
>>
>> +# /tmp/.*-unix are used by X11 and exist on my machine with 1777 permissions.
>> +# Use mode 0755 because no other user needs access to them.
>
> 0755 gives read access to other things — is that what we want?

Nope. Only stuff that needs access should have it.

>> +# Also, I have seen some software use /tmp/user, so create it as well.
>> +if { mkdir -m 0755 /tmp/user /tmp/.X11-unix /tmp/.ICE-unix /tmp/.XIM-unix /tmp/.font-unix }
>
> In general I'd prefer to avoid having anything in the VMs where we don't
> totally understand what it's for. If we want to create these anyway
> just to make sure something evil doesn't create them with the wrong
> owner/permissions before we can, rather than because we know they do
> something useful that we want, maybe we should create them 0000? But
> given that this is the guest, I'm not sure that's necessary…

- /tmp/.X11-unix is the X server.
- /tmp/.ICE-unix is for Inter-Client Exchange, which is still used. At a
  minimum, I have seen error messages referring to it.
- /tmp/.font-unix is for the obsolete X Font Server.
- /tmp/.XIM-unix is presumably for X11 input methods, which are not
  currently supported. At some point they might need to be supported.

-- 
Sincerely,
Demi Marie Obenour (she/her/hers)
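Review bot: in the rc.init hunk, the comment "Use mode 0755 because no other user needs access to them" contradicts the mode it justifies: 0755 still grants read and search access to every user, it only withholds write access. Either tighten the mode to match the stated intent (0700, or the 0000 floated in review, if nothing in the guest needs to enter these directories) or reword the comment to say that 0755 is chosen to deny writes by others while leaving them readable. A second point on the same line: `mkdir -m 0755 ...` runs without `-p` inside an execline `if { ... }`, so if any of the five directories already exists (for instance because /tmp is not a freshly mounted tmpfs at this point in boot) the command fails and rc.init aborts. If that fail-closed behaviour is intended as a guard against directories created before init got there, a comment saying so would spare the next reader a surprise; if not, create them with `-p` and then set the mode and ownership explicitly, since `-p -m` leaves pre-existing directories untouched.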