Hello Hi,

I think you're overthinking it.

At any given time, the BDS conformance of any process, whatever its role, 
should be evaluated in terms of *its own* environment.  Even if that didn't 
make abundant sense, there really isn't any other viable alternative for a 
specification relying so fundamentally on environment variables.

System services are no exception. Consider that even if a service could 
determine the value of, say, the XDG_CACHE_HOME variable of a client process, 
chances are poor that the service could access the designated directory even if 
it wanted to do.  And it would be an enormous security vulnerability if it 
could and did.

Bear in mind also that even different processes running strictly by, as, and 
for a particular user don't have to have the same values for their BDS-relevant 
environment variables.  In this sense too, BDS is inescapably a per-process 
specification.


Best,

John Bollinger


________________________________
From: xdg <xdg-boun...@lists.freedesktop.org> on behalf of 90 <hi@90.gripe>
Sent: Monday, March 11, 2024 1:16 PM
To: xdg@lists.freedesktop.org <xdg@lists.freedesktop.org>
Subject: Inquiry regarding XDG Base Directory Specification and daemon 
processes running as root (2nd Attempt)



Seeing as last month's inquiry from me went unanswered - probably not helped by 
the fact that I accidentally sent it to the mailing list twice at that moment - 
I would like to make another attempt at asking it. Advice on how to go about 
such implementations for XDGBDS compliance in this case would be greatly 
appreciated. Quoted below:

> In recent times, I've gotten quite heavily interested and invested into the 
> XDGBDS and compliance with it across various pieces of software, and have 
> even gone around to a couple of projects to either propose compromises for 
> adoption — for projects which have refused in the past to adopt it - or 
> outright contribute it myself via patches and the like. However, a problem 
> has come up with this endeavour which I would like to ask for some insight on.
>
> As you may know, some programs on Unix-like operating systems consist of both 
> a client component typically run by the current user and a server component, 
> typically a daemon, which may or may not be invoked by a different user such 
> as 'root'. In those cases, it usually isn't possible for this other user to 
> determine environment variables set by the user for which BDS compliance is 
> desired. One could, in theory, scan through the entire process tree and look 
> for the highest-level processes being run by the compliant user before 
> reading the environment of those processes and checking for the relevant XDG_ 
> variables, but I imagine that this would be rather fickle and error-prone. 
> Hence, I wondered if anyone had some other idea in mind as to how full 
> compliance may be achieved for such server software involving daemons. How 
> might one go about this in a reasonable manner?

Kind regards.
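
An added example, not part of the original thread or of any project mentioned in it: the per-process evaluation described in the reply above, with each process resolving its base directories from its own environment only. The function name `resolve_base_dirs`, the sample environments, and the choice to raise an error when `HOME` is unusable are assumptions made for illustration; the defaults and the rule that relative values are ignored follow the XDG Base Directory Specification.

```python
import os
from pathlib import PurePosixPath

# Defaults from the XDG Base Directory Specification, relative to $HOME.
_DEFAULTS = {
    "XDG_CONFIG_HOME": ".config",
    "XDG_CACHE_HOME": ".cache",
    "XDG_DATA_HOME": ".local/share",
    "XDG_STATE_HOME": ".local/state",
}


def resolve_base_dirs(environ=None):
    """Resolve BDS directories from ONE process's environment mapping.

    `environ` defaults to this process's own os.environ. Nothing here
    inspects any other process (no /proc/<pid>/environ lookups).
    """
    env = os.environ if environ is None else environ
    home = env.get("HOME")
    # Assumption of this example: refuse to guess when HOME is unusable.
    if not home or not PurePosixPath(home).is_absolute():
        raise ValueError("HOME must be set to an absolute path")
    resolved = {}
    for var, default in _DEFAULTS.items():
        value = env.get(var, "")
        # Unset, empty, or relative values are ignored in favour of the default.
        if value and PurePosixPath(value).is_absolute():
            resolved[var] = PurePosixPath(value)
        else:
            resolved[var] = PurePosixPath(home) / default
    return resolved


# Constructed sample environments (not taken from any real system).
CLIENT_ENV = {"HOME": "/home/alice", "XDG_CACHE_HOME": "/home/alice/.var/cache"}
CLIENT_ENV_2 = {"HOME": "/home/alice", "XDG_CACHE_HOME": "tmp/cache"}  # relative
DAEMON_ENV = {"HOME": "/root"}  # daemon running as root, no XDG_* variables set

if __name__ == "__main__":
    for name, env in [("client", CLIENT_ENV), ("client2", CLIENT_ENV_2),
                      ("daemon", DAEMON_ENV)]:
        print(name, resolve_base_dirs(env)["XDG_CACHE_HOME"])
```

Two processes of the same user resolve different cache directories, and the root daemon lands in its own tree without ever consulting a client's variables.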
