-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
env::temp_dir returns /private/tmp on Apple instead while /tmp is #100196
Conversation
a symlink in fact. ref rust-lang#99608
Hey! It looks like you've submitted a new PR for the library teams! If this PR contains changes to any Examples of
|
r? @thomcc (rust-highfive has picked a reviewer for you, use r? to override) |
Hmm, I am not so sure about this. The preferred tempdir on these platforms is the value from This is best for security, as it avoids providing a temporary directory that another user (who may be at a different privilege level) has access to, unlike /tmp or /private/tmp. Usually More generally, we've always returned Either way, this is a behavioral change that would require documentation to be updated, and t-libs-api signoff. @rustbot label +T-libs-api -T-libs |
I think this needs further discussion in the t-libs-api meeting. Essentially there are three choices here for what to do if
I recommend either the third (which is a behavioral change, but we don't promise this to be unchanging, and I would have expected |
(Sorry for the accidental close -- accidentally hit tab). See previous message for explanation of my nomination. @rustbot label +I-libs-api-nominated |
Are there any examples of this? Is there any realistic use case where a symlink would be a problem? |
It did cause an issue for someone using SQLite, since they were requesting SQLite not follow symbolic links. I don't particularly care about this. That said, I don't think most software on Darwin OSes should be using Generally this is not needed, as most of the time |
len: libc::size_t, | ||
) -> libc::size_t; | ||
} | ||
let tmpdir = unsafe { libc::getenv(b"TMPDIR".as_ptr() as *const libc::c_char) }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We already checked the env above. Also, don't use libc::getenv
as it doesn't hold the env lock. Also, this string isn't NUL-terminated.
let tmpdir = unsafe { libc::getenv(b"TMPDIR".as_ptr() as *const libc::c_char) }; | ||
if tmpdir.is_null() { | ||
let mut buf: Vec<u8> = vec![0; libc::PATH_MAX as usize]; | ||
const _CS_DARWIN_USER_TEMP_DIR: libc::c_int = 65537; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's wait for rust-lang/libc#2883.
} | ||
let tmpdir = unsafe { libc::getenv(b"TMPDIR".as_ptr() as *const libc::c_char) }; | ||
if tmpdir.is_null() { | ||
let mut buf: Vec<u8> = vec![0; libc::PATH_MAX as usize]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
50 bytes should be enough in practice, but really this should have some retry logic. I was going to submit thomcc@ee1c648 as a PR at one point, but you can just integrate the changes from it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it s better if you do since you authored all.
a symlink in fact.
ref #99608