BSD: provide a fallback for user_runtime_dir #201

RayyanAnsari · 2023-07-03T17:45:02Z

On *BSD platforms, the /var/run/user/{uid} directory is not always created. Provide a fallback of /tmp/runtime-{uid} if that path does not exist.

gaborbernat

test and make sure CI passes.

RayyanAnsari · 2023-07-04T18:18:10Z

src/platformdirs/unix.py:164:28: S108 Probable insecure usage of temporary file or directory: "/tmp/runtime-"
Why is this considered to be insecure?

src/platformdirs/unix.py

tests/test_unix.py

On *BSD platforms, the /var/run/user/{uid} directory is not always created. Provide a fallback of /tmp/runtime-{uid} if that path does not exist and update the test to reflect these changes.

gaborbernat

ThomasWaldmann · 2023-07-06T23:45:25Z

@bket can you check?

A borgbackup-2.0.0b6 test fails on OpenBSD with the message below. ``` =================================== FAILURES =================================== _____________________________ test_get_runtime_dir _____________________________ path = '/run/user/55/borg', mode = 511, pretty_deadly = True def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True): """ Ensures that the dir exists with the right permissions. 1) Make sure the directory exists in a race-free operation 2) If mode is not None and the directory has been created, give the right permissions to the leaf directory. The current umask value is masked out first. 3) If pretty_deadly is True, catch exceptions, reraise them with a pretty message. Returns if the directory has been created and has the right permissions, An exception otherwise. If a deadly exception happened it is reraised. """ try: > os.makedirs(path, mode=mode, exist_ok=True) build/lib.openbsd-7.3-amd64-cpython-310/borg/helpers/fs.py:37: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ... If $XDG_RUNTIME_DIR is not set `platformdirs.user_runtime_dir()` returns one of 3 different paths (tox-dev/platformdirs#201. Proposed fix is to check if `get_runtime_dir()` returns one of these paths.

A borgbackup-2.0.0b6 test fails on OpenBSD with the message below. ``` =================================== FAILURES =================================== _____________________________ test_get_runtime_dir _____________________________ path = '/run/user/55/borg', mode = 511, pretty_deadly = True def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True): """ Ensures that the dir exists with the right permissions. 1) Make sure the directory exists in a race-free operation 2) If mode is not None and the directory has been created, give the right permissions to the leaf directory. The current umask value is masked out first. 3) If pretty_deadly is True, catch exceptions, reraise them with a pretty message. Returns if the directory has been created and has the right permissions, An exception otherwise. If a deadly exception happened it is reraised. """ try: > os.makedirs(path, mode=mode, exist_ok=True) build/lib.openbsd-7.3-amd64-cpython-310/borg/helpers/fs.py:37: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ``` If `$XDG_RUNTIME_DIR` is not set `platformdirs.user_runtime_dir()` returns one of 3 different paths (tox-dev/platformdirs#201. Proposed fix is to check if `get_runtime_dir()` returns one of these paths.

A borgbackup-2.0.0b6 test fails on OpenBSD with the message below. ``` =================================== FAILURES =================================== _____________________________ test_get_runtime_dir _____________________________ path = '/run/user/55/borg', mode = 511, pretty_deadly = True def ensure_dir(path, mode=stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO, pretty_deadly=True): """ Ensures that the dir exists with the right permissions. 1) Make sure the directory exists in a race-free operation 2) If mode is not None and the directory has been created, give the right permissions to the leaf directory. The current umask value is masked out first. 3) If pretty_deadly is True, catch exceptions, reraise them with a pretty message. Returns if the directory has been created and has the right permissions, An exception otherwise. If a deadly exception happened it is reraised. """ try: > os.makedirs(path, mode=mode, exist_ok=True) build/lib.openbsd-7.3-amd64-cpython-310/borg/helpers/fs.py:37: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ ``` If `$XDG_RUNTIME_DIR` is not set `platformdirs.user_runtime_dir()` returns one of 3 different paths (tox-dev/platformdirs#201). Proposed fix is to check if `get_runtime_dir()` returns one of these paths.

sthen · 2023-07-16T08:37:07Z

src/platformdirs/unix.py:164:28: S108 Probable insecure usage of temporary file or directory: "/tmp/runtime-" Why is this considered to be insecure?

Because another user can easily create the directory (it has a predictable name and is in a world-writable temp dir). To be safe the dir would need to be created and checked that it has been created with correct ownership and permissions (and probably fail if not).

gaborbernat requested changes Jul 3, 2023

View reviewed changes

RayyanAnsari force-pushed the bsd-runtime-dir branch 2 times, most recently from 864eeff to 48550bd Compare July 4, 2023 18:15

kemzeb reviewed Jul 4, 2023

View reviewed changes

src/platformdirs/unix.py Outdated Show resolved Hide resolved

RayyanAnsari force-pushed the bsd-runtime-dir branch 2 times, most recently from 288732e to 786a8bd Compare July 5, 2023 23:02

RayyanAnsari marked this pull request as ready for review July 5, 2023 23:02

RayyanAnsari requested review from ofek, Julian and RonnyPfannschmidt as code owners July 5, 2023 23:02

RayyanAnsari requested a review from gaborbernat July 6, 2023 00:02

gaborbernat requested changes Jul 6, 2023

View reviewed changes

tests/test_unix.py Outdated Show resolved Hide resolved

gaborbernat marked this pull request as draft July 6, 2023 15:57

RayyanAnsari force-pushed the bsd-runtime-dir branch from 786a8bd to 04499c8 Compare July 6, 2023 21:26

BSD: provide a fallback for user_runtime_dir

8ecc7d3

On *BSD platforms, the /var/run/user/{uid} directory is not always created. Provide a fallback of /tmp/runtime-{uid} if that path does not exist and update the test to reflect these changes.

RayyanAnsari force-pushed the bsd-runtime-dir branch from 04499c8 to 8ecc7d3 Compare July 6, 2023 21:27

RayyanAnsari requested a review from gaborbernat July 6, 2023 21:29

gaborbernat approved these changes Jul 6, 2023

View reviewed changes

gaborbernat marked this pull request as ready for review July 6, 2023 21:48

gaborbernat merged commit 5f7eb47 into tox-dev:main Jul 6, 2023

gaborbernat mentioned this pull request Jul 6, 2023

user_runtime_dir for *BSD #190

Closed

bket mentioned this pull request Jul 7, 2023

Fix failing test on OpenBSD borgbackup/borg#7719

Merged

ThomasWaldmann mentioned this pull request Aug 27, 2023

*bsd get_runtime_dir() borgbackup/borg#7638

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BSD: provide a fallback for user_runtime_dir #201

BSD: provide a fallback for user_runtime_dir #201

RayyanAnsari commented Jul 3, 2023

gaborbernat left a comment

RayyanAnsari commented Jul 4, 2023 •

edited

Loading

gaborbernat left a comment

ThomasWaldmann commented Jul 6, 2023

sthen commented Jul 16, 2023

BSD: provide a fallback for user_runtime_dir #201

BSD: provide a fallback for user_runtime_dir #201

Conversation

RayyanAnsari commented Jul 3, 2023

gaborbernat left a comment

Choose a reason for hiding this comment

RayyanAnsari commented Jul 4, 2023 • edited Loading

gaborbernat left a comment

Choose a reason for hiding this comment

ThomasWaldmann commented Jul 6, 2023

sthen commented Jul 16, 2023

RayyanAnsari commented Jul 4, 2023 •

edited

Loading