Re: Inquiry regarding XDG Base Directory Specification and daemon processes running as root (2nd Attempt)

2024-03-11 Thread 90
11 March 2024 at 19:00, "Bollinger, John"  wrote:

> 
> I think you're overthinking it.
> 
> At any given time, the BDS conformance of any process, whatever its role, 
> should be evaluated in terms of *its own* environment.  Even if that didn't 
> make abundant sense, there really isn't any other viable alternative for a 
> specification relying so fundamentally on environment variables.
> 
> System services are no exception. Consider that even if a service could 
> determine the value of, say, the XDG_CACHE_HOME variable of a client process, 
> chances are poor that the service could access the designated directory even 
> if it wanted to do.  And it would be an enormous security vulnerability if it 
> could and did.
> 
> Bear in mind also that even different processes running strictly by, as, and 
> for a particular user don't have to have the same values for their 
> BDS-relevant environment variables.  In this sense too, BDS is inescapably a 
> per-process specification.

Gotcha. That is a bit annoying then for things like SSH and VNC servers, whose 
server processes look for per-user configuration for the user being accessed 
through those server protocols.

I suppose, then, that the next best thing would just be to provide as much 
configurability for the server programs in order to specify alternative 
file/dir paths for per-user configuration, i.e. also looking for a 
~/.config/vnc/passwd file as opposed to only ~/.vnc/passwd. Of course, this 
would mean that such paths would have to be hard-coded, however it wouldn't be 
too difficult to delegate such server config to a shell script or the like 
running with elevated privileges, i.e. through sudo, in order to then have an 
environment variable value to reference from the running login shell.

I appreciate the response. Kind regards.
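The following is an added example, not part of the thread and not code from any project discussed in it. It sketches how a root-run server could look for a per-user file at fixed locations under the account's home directory (the two VNC paths mentioned above) without reading any user's environment, accepting a file only if it is a regular file owned by that user with no group or other access. The function names are hypothetical and the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile

# Fixed candidates relative to the account's home directory (the thread's VNC
# example). Nothing here reads XDG_* variables from the user's processes.
CANDIDATES = (".config/vnc/passwd", ".vnc/passwd")

def open_user_secret(home, uid, candidates=CANDIDATES):
    """Return (relative_path, fd) for the first acceptable file, else (None, None)."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    for rel in candidates:
        try:
            # O_NOFOLLOW rejects a symlink in the final path component only.
            fd = os.open(os.path.join(home, rel), flags)
        except OSError:
            continue  # missing, a symlink, or not readable
        st = os.fstat(fd)  # check the opened object, not the path (no TOCTOU)
        if stat.S_ISREG(st.st_mode) and st.st_uid == uid and not (st.st_mode & 0o077):
            return rel, fd
        os.close(fd)  # wrong owner, wrong type, or group/other access
    return None, None

def write_sample(path, mode):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write("constructed-sample\n")
    os.chmod(path, mode)

def demo():
    """Run three constructed layouts; return the path chosen in each."""
    uid, picked = os.getuid(), []
    with tempfile.TemporaryDirectory() as home:
        new, old = (os.path.join(home, rel) for rel in CANDIDATES)
        write_sample(old, 0o600)
        write_sample(new, 0o644)      # world-readable: must be skipped
        picked.append(open_user_secret(home, uid))
        os.chmod(new, 0o600)          # now acceptable: preferred over legacy
        picked.append(open_user_secret(home, uid))
        os.remove(new)
        os.symlink(old, new)          # symlinked candidate: must be skipped
        picked.append(open_user_secret(home, uid))
        for _, fd in picked:
            os.close(fd)
    return [rel for rel, _ in picked]

if __name__ == "__main__":
    print(demo())
```

In a daemon, `home` and `uid` would come from the passwd entry of the account being accessed (for instance via `pwd.getpwnam`), never from a client-supplied value.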


Re: Inquiry regarding XDG Base Directory Specification and daemon processes running as root (2nd Attempt)

2024-03-11 Thread Bollinger, John
Hello Hi,

I think you're overthinking it.

At any given time, the BDS conformance of any process, whatever its role, 
should be evaluated in terms of *its own* environment.  Even if that didn't 
make abundant sense, there really isn't any other viable alternative for a 
specification relying so fundamentally on environment variables.

System services are no exception. Consider that even if a service could 
determine the value of, say, the XDG_CACHE_HOME variable of a client process, 
chances are poor that the service could access the designated directory even if 
it wanted to do.  And it would be an enormous security vulnerability if it 
could and did.

Bear in mind also that even different processes running strictly by, as, and 
for a particular user don't have to have the same values for their BDS-relevant 
environment variables.  In this sense too, BDS is inescapably a per-process 
specification.


Best,

John Bollinger



From: xdg  on behalf of 90 
Sent: Monday, March 11, 2024 1:16 PM
To: xdg@lists.freedesktop.org 
Subject: Inquiry regarding XDG Base Directory Specification and daemon 
processes running as root (2nd Attempt)


Seeing as last month's inquiry from me went unanswered - probably not helped by 
the fact that I accidentally sent it to the mailing list twice at that moment - 
I would like to make another attempt at asking it. Advice on how to go about 
such implementations for XDGBDS compliance in this case would be greatly 
appreciated. Quoted below:

> In recent times, I've gotten quite heavily interested and invested into the 
> XDGBDS and compliance with it across various pieces of software, and have 
> even gone around to a couple of projects to either propose compromises for 
> adoption — for projects which have refused in the past to adopt it - or 
> outright contribute it myself via patches and the like. However, a problem 
> has come up with this endeavour which I would like to ask for some insight on.
>
> As you may know, some programs on Unix-like operating systems consist of both 
> a client component typically run by the current user and a server component, 
> typically a daemon, which may or may not be invoked by a different user such 
> as 'root'. In those cases, it usually isn't possible for this other user to 
> determine environment variables set by the user for which BDS compliance is 
> desired. One could, in theory, scan through the entire process tree and look 
> for the highest-level processes being run by the compliant user before 
> reading the environment of those processes and checking for the relevant XDG_ 
> variables, but I imagine that this would be rather fickle and error-prone. 
> Hence, I wondered if anyone had some other idea in mind as to how full 
> compliance may be achieved for such server software involving daemons. How 
> might one go about this in a reasonable manner?

Kind regards.





Inquiry regarding XDG Base Directory Specification and daemon processes running as root (2nd Attempt)

2024-03-11 Thread 90
Seeing as last month's inquiry from me went unanswered - probably not helped by 
the fact that I accidentally sent it to the mailing list twice at that moment - 
I would like to make another attempt at asking it. Advice on how to go about 
such implementations for XDGBDS compliance in this case would be greatly 
appreciated. Quoted below:

> In recent times, I've gotten quite heavily interested and invested into the 
> XDGBDS and compliance with it across various pieces of software, and have 
> even gone around to a couple of projects to either propose compromises for 
> adoption — for projects which have refused in the past to adopt it - or 
> outright contribute it myself via patches and the like. However, a problem 
> has come up with this endeavour which I would like to ask for some insight on.
> 
> As you may know, some programs on Unix-like operating systems consist of both 
> a client component typically run by the current user and a server component, 
> typically a daemon, which may or may not be invoked by a different user such 
> as 'root'. In those cases, it usually isn't possible for this other user to 
> determine environment variables set by the user for which BDS compliance is 
> desired. One could, in theory, scan through the entire process tree and look 
> for the highest-level processes being run by the compliant user before 
> reading the environment of those processes and checking for the relevant XDG_ 
> variables, but I imagine that this would be rather fickle and error-prone. 
> Hence, I wondered if anyone had some other idea in mind as to how full 
> compliance may be achieved for such server software involving daemons. How 
> might one go about this in a reasonable manner?

Kind regards.