bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand

[Eli Zaretskii]

> Date: Wed, 8 Dec 2021 11:06:12 -0800
> Cc: 51327@debbugs.gnu.org
> From: Paul Eggert <eggert@cs.ucla.edu>
> 
> On 12/7/21 22:57, Jim Porter wrote:
> > Doing that by default opens a loophole for all emacsclient users, but 
> > what about a command-line flag like `emacsclient 
> > --allow-tmpdir-loophole' and/or an environment variable like 
> > `EMACS_ALLOW_TMPDIR_LOOPHOLE=1 emacsclient' (with a better name, of 
> > course)? Then, the default behavior would be free of loopholes[2], but 
> > Ulrich's case could be achieved by passing that flag when calling 
> > emacsclient. It might even be possible for Gentoo to enable that for the 
> > user in the appropriate cases...
> 
> Yes, I think something like this would be OK. The command-line flag 
> would be easier to audit.
> 
> Not sure whether a last-minute change like this should go into Emacs 28, 
> though, even though it's security-relevant. Eli would be a better judge 
> of that.

If it's a new command-line argument, and if the participants in this
discussion can live with it as the solution for this problem, I'm okay
with having it on emacs-28.

Thanks.