From: Alyssa Ross
To: Demi Marie Obenour, Spectrum OS Development
Subject: Re: [PATCH v6 4/5] img/app: Create needed directories in early boot
In-Reply-To: <7b381025-42fc-448c-b0c7-5aa584c08daa@gmail.com>
References: <2862317f-1419-4405-870d-f7631bcd1d2a@gmail.com> <7b381025-42fc-448c-b0c7-5aa584c08daa@gmail.com>
Date: Sat, 26 Jul 2025 12:24:58 +0200
Message-ID: <87h5yzfdvp.fsf@alyssa.is>
List-Id: Patches and low-level development discussion

Demi Marie Obenour writes:

> This moves various calls to mkdir(1) to very early boot, before any
> services are running. This has two advantages:
>
> 1. These directories are guaranteed to exist. Code can just assume that
> they are there without checking for them.
>
> 2. Malicious code running as an unprivileged user cannot create
> directories under /tmp before legitimate code has done so.
>
> Also, it creates the various directories used by X11 with restrictive
> permissions to prevent untrusted code from writing to them, and sets up
> /run/user/0 to provide $XDG_RUNTIME_DIR.
>
> The copyright notice for directory creation is not kept because making
> four directories with well-known names and permissions is not
> copyrightable.

Missing S-o-b.

> ---
> img/app/etc/s6-linux-init/scripts/rc.init | 8 ++++++++
> img/app/etc/s6-rc/wayland-proxy-virtwl/run | 10 ----------
> 2 files changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/img/app/etc/s6-linux-init/scripts/rc.init b/img/app/etc/s6-linux-init/scripts/rc.init
> index c5a59245ff3761e94acb974edde967806fb3b234..6f2db32935332793faf47e3c68e42b0afd537a2d 100755
> --- a/img/app/etc/s6-linux-init/scripts/rc.init
> +++ b/img/app/etc/s6-linux-init/scripts/rc.init
> @@ -7,4 +7,12 @@ if { s6-rc-init -c /etc/s6-rc /run/service }
> if { modprobe overlay }
> if { mount -a --mkdir }
>  
> +# /tmp/.*-unix are used by X11 and exist on my machine with 1777 permissions.
> +# Use mode 0755 because no other user needs access to them.

0755 gives read access to other things — that what we want?

> +# Also, I have seen some software use /tmp/user, so create it as well.
> +if { mkdir -m 0755 /tmp/user /tmp/.X11-unix /tmp/.ICE-unix /tmp/.XIM-unix /tmp/.font-unix }

In general I'd prefer to avoid having anything in the VMs where we don't
totally understand what it's for.

If we want to create these anyway just to make sure something evil
doesn't create them with the wrong owner/permissions before we can,
rather than because we know they do something useful that we want,
maybe we should create them 0000? But given that this is the guest, I'm
not sure that's necessary…
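Review bot: the `mkdir -m 0755 ...` line in this hunk has no `-p`, and execline's `if` exits rc.init when its block fails (the same behaviour the surrounding `if { modprobe overlay }` and `if { mount -a --mkdir }` lines rely on), so any one of the five paths already existing, for example on a persistent or pre-populated /tmp or a second run of the script, stops early boot at this point. That may well be the intent, since rationale 2 in the commit message says a directory that is already there is exactly the one not to trust, but then the comment above the line should say so, otherwise the natural later "fix" is to add `-p`, which makes mkdir succeed silently on a pre-existing directory and keeps whatever owner and mode it already has (`mkdir -m` never alters an existing directory). Something like `# No -p: if any of these already exist, something got there first; stop.` would pin the behaviour down. Smaller point in the same hunk: "no other user needs access to them" does not match 0755, which still gives every user read and traverse; 0700 is the mode that matches the comment.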
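The thread's concern is directory squatting: an unprivileged process creating `/tmp/.X11-unix` and friends before boot does, so that later code trusts an attacker-owned directory. The following POSIX sh sketch is an added example for this page, not Spectrum OS code and not from either participant. It mirrors the patch's create step (`mkdir -m MODE` with no `-p`, so an existing path is a hard failure) and adds the verification a practitioner would want before using such a directory: not a symlink, really a directory, owned by the expected uid, with exactly the expected permission bits. It assumes GNU or busybox `stat -c`; the function names, the scratch directory and the mode/uid parameters are this example's own.

```shell
#!/bin/sh
# Added example, not Spectrum OS code: create well-known directories early,
# fail closed if anything is already there, and verify what we end up with.
# Assumes GNU or busybox `stat -c`; paths, modes and uids are parameters.

# Normalise an octal mode ("0755", "755", "01777") to the shortest form
# that `stat -c %a` prints, so the two can be compared as strings.
norm_mode() {
    printf '%o' "$((0$1))"
}

# check_priv_dir PATH MODE UID
# Succeed only if PATH is a real directory (not a symlink), owned by UID,
# with exactly the permission bits MODE. Anything else is treated as
# squatted: a planted symlink, a world-writable 1777 directory, a
# directory owned by another user.
check_priv_dir() {
    cpd_path=$1 cpd_mode=$(norm_mode "$2") cpd_uid=$3
    # -L looks at the path itself, so a symlink to a good directory still fails
    if [ -L "$cpd_path" ]; then
        echo "reject $cpd_path: is a symlink" >&2; return 1
    fi
    if [ ! -d "$cpd_path" ]; then
        echo "reject $cpd_path: not a directory" >&2; return 1
    fi
    # %u = owner uid, %a = permission bits in octal (GNU/busybox stat)
    cpd_have=$(stat -c '%u %a' "$cpd_path") || return 1
    cpd_have_uid=${cpd_have% *}
    cpd_have_mode=$(norm_mode "${cpd_have#* }")
    if [ "$cpd_have_uid" != "$cpd_uid" ]; then
        echo "reject $cpd_path: owned by uid $cpd_have_uid, want $cpd_uid" >&2; return 1
    fi
    if [ "$cpd_have_mode" != "$cpd_mode" ]; then
        echo "reject $cpd_path: mode $cpd_have_mode, want $cpd_mode" >&2; return 1
    fi
    return 0
}

# create_priv_dirs MODE UID DIR...
# Mirrors the patch's `mkdir -m 0755 ...`: no -p, so a path that already
# exists makes mkdir fail and we stop rather than trust it. (mkdir -m never
# changes the mode of a directory that is already there.)
create_priv_dirs() {
    cpd_mk_mode=$1 cpd_mk_uid=$2
    shift 2
    mkdir -m "$cpd_mk_mode" "$@" || return 1
    for cpd_d in "$@"; do
        check_priv_dir "$cpd_d" "$cpd_mk_mode" "$cpd_mk_uid" || return 1
    done
}

# Demonstration on a scratch directory (constructed input, not the real /tmp).
demo() {
    demo_root=$(mktemp -d) || return 1
    demo_uid=$(id -u)
    create_priv_dirs 0755 "$demo_uid" "$demo_root/.X11-unix" "$demo_root/user" || return 1
    # A world-writable 1777 directory, the usual X11 convention, fails the 0755 check.
    mkdir -m 1777 "$demo_root/.ICE-unix"
    if check_priv_dir "$demo_root/.ICE-unix" 0755 "$demo_uid"; then return 1; fi
    # A planted symlink fails even though its target is a good directory.
    ln -s "$demo_root/.X11-unix" "$demo_root/.font-unix"
    if check_priv_dir "$demo_root/.font-unix" 0755 "$demo_uid"; then return 1; fi
    # Re-running creation over an existing path fails closed.
    if create_priv_dirs 0755 "$demo_uid" "$demo_root/user"; then return 1; fi
    rm -rf "$demo_root"
    echo "all checks behaved as expected"
}
```

Run `demo` to exercise the three rejection cases (wrong mode, planted symlink, pre-existing path); in a real rc.init the uid argument would be 0 and the verification would run on the actual `/tmp` paths right after the `mkdir`.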