XDG_RUNTIME_DIR should not contain executable scripts

[totaam]

Issue migrated from trac ticket # 1394

component: android | priority: minor | resolution: needinfo

2016-12-30 20:51:11: tvierling created the issue

---

In short, getting this:

sh: 1: /run/user/1000/xpra/run-xpra: Permission denied

on Ubuntu 12.04, where /run is mounted by default as:

tmpfs on /run type tmpfs (rw,**noexec**,nosuid,size=10%,mode=0755)

I can of course modify this in fstab, but filing ticket as this is the default on Ubuntu. Either run-xpra should remain in $HOME, or some test should be done to check whether $XDG_RUNTIME_DIR is mounted noexec.

[totaam]

2016-12-30 20:52:10: tvierling commented

---

(Note that /run is mounted in the initramfs, so a hack in fstab to change this actually requires an entry containing "remount" in its options, since /run is not listed in fstab normally at all.)

[totaam]

2016-12-30 20:52:32: tvierling changed title from XDG_RIUNTIME_DIR should not contain executable scripts to XDG_RUNTIME_DIR should not contain executable scripts

[totaam]

2016-12-31 07:25:15: antoine changed owner from antoine to Todd Vierling

[totaam]

2016-12-31 07:25:15: antoine edited the issue description

[totaam]

2016-12-31 07:25:15: antoine commented

---

Original feature ticket: #1129

I've re-tested 1.0 on all those distributions to verify:

• Debian wheezy, Ubuntu 12.04, centos 5.x / 6.x: n/a, the directory [/var]/run/user does not exist
• centos 7.x: OK
• Ubuntu 16.04 / 16.10: OK
• Debian Jessie / Stretch: OK
• Fedora 24 / 25: OK
• Ubuntu 14.04: exists but mounted noexec

So the only problem that I can see is with 14.04, not 12.04, and it isn't a huge problem since we try to execute ~/.xpra/run-xpra first.
What is the problem you're seeing?

[totaam]

2016-12-31 18:15:06: tvierling commented

---

Sorry, it was a typo; I am in fact on 14.04 (trusty).

The problem is occurring when there is neither a ~/.xpra or $XDG_RUNTIME_DIR/xpra directory yet existing on the destination host. The autogenerated run-xpra script gets created in $XDG_RUNTIME_DIR in this case.

Looks like changing 'bind' from 'auto' to '~/.xpra/' makes the script appear in ~/.xpra as with previous versions. I suppose the least overhead solution to this issue would be a documentation note, or comment in the shipped 50_server_network.conf, that Ubuntu 14.04 systems should use that setting.

[totaam]

2017-01-01 05:13:41: antoine uploaded file xdg-runtime-dir-ubuntu1404.patch (0.8 KiB)

don't use XDG_RUNTIME_DIR for run-xpra script on Ubuntu 14.04

[totaam]

2017-01-01 05:13:59: antoine commented

---

Forgive me if I am being thick but I still fail to reproduce any kind of showstopper problem on 14.04:

rm -fr ~/.xpra ${XDG_RUNTIME_DIR}/xpra

Resets things for testing, then I can use any xpra command I like and when the "run-xpra" scripts get created (xpra start, xpra shadow, etc), they are created in both locations.

If I use a command that relies on those scripts (ie: xpra start ssh:HOST --start=xterm), then it finds the one in "~/.xpra" first and the command runs without problems.
What exact commands are you using to get a failure?

Does the patch attached above fix things?

[totaam]

2017-02-21 12:47:43: antoine changed status from new to closed

[totaam]

2017-02-21 12:47:43: antoine set resolution to needinfo

[totaam]

2017-02-21 12:47:43: antoine commented

---

Not heard back, closing.