openssh bugs - Jan 2019 - [Bug 2950] New: Store user runtime files in /run/user/ rather than in /tmp/

https://bugzilla.mindrot.org/show_bug.cgi?id=2950

            Bug ID: 2950
           Summary: Store user runtime files in /run/user/ rather than in
                    /tmp/
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: Other
               URL: https://bugzilla.redhat.com/show_bug.cgi?id=1658642
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3220
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3220&action=edit
proposed patch

In utilized servers and desktops, it is not uncommon that /tmp
directory gets full and ssh services can not write any needed files in
there. This affects the authentication information, local and forwarded
ssh-agent sockets and forwarded kerberos tickets.

This is solved for many applications [1], services and daemons already
by using XDG_RUNTIME_DIR environment variable, which points to the
location under /run/user, that is already private for a specific user.
The advantage is that this variable is available both from PAM after
authentication and in the user session.

The attached patch implements using this environment variable if
available and makes the above use cases more reliable (especially the
authentication information files). On systems not providing this
variable, there should be no overhead and fallback to the current
method.

[1]
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2950

Pat Riehecky <riehecky at fnal.gov> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |riehecky at fnal.gov

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2950

--- Comment #1 from Pat Riehecky <riehecky at fnal.gov> ---
I'd really love to see this patch applied.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2950

--- Comment #2 from Pat Riehecky <riehecky at fnal.gov> ---
I've managed to get an initial review of this patch at
https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-February/040555.html

Jakub Jelen are you able to address the questions there (and post an
updated PR so I can retire mine and you get full credit for your work)?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2950

github at kalvdans.no-ip.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |github at kalvdans.no-ip.org

-- 
You are receiving this mail because:
You are watching the assignee of the bug.