Open jamessan opened 1 month ago
we'll consider that when we move to Qt6
A more pronounced issue here that there could be more than 1 user in the system. If they open the app simultaneously... well, it will be a mess.
Also, /tmp
is world-readable, which is not really good for security.
Yes good points, although there is nothing sensitive in this lock file except for its mere presence.
A more pronounced issue here that there could be more than 1 user in the system. If they open the app simultaneously... well, it will be a mess.
Not really, since the username is part of the filename -- https://github.com/keepassxreboot/keepassxc/blob/5de669eb7b3c2a56ee865960bb4b8002090ca1f5/src/gui/Application.cpp#L65-L68
Yes that is also true
Yeah, I didn't notice that. Sorry, disregard my gripes then.
Although, it'd better be a user id instead. But using XDG_RUNTIME_DIR
is the best solution anyway.
https://github.com/keepassxreboot/keepassxc/blob/5de669eb7b3c2a56ee865960bb4b8002090ca1f5/src/gui/Application.cpp#L80-L82
Given that /tmp may be periodically cleaned during the uptime of a system, it seems like these should live under
$XDG_RUNTIME_DIR
.