keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
https://keepassxc.org/

Store .lock/.socket files in XDG_RUNTIME_DIR #10842

Open jamessan opened 1 month ago

jamessan commented 1 month ago

https://github.com/keepassxreboot/keepassxc/blob/5de669eb7b3c2a56ee865960bb4b8002090ca1f5/src/gui/Application.cpp#L80-L82

Given that /tmp may be periodically cleaned during the uptime of a system, it seems like these should live under $XDG_RUNTIME_DIR.

droidmonkey commented 1 month ago

We'll consider that when we move to Qt6.

HanabishiRecca commented 1 month ago

A more pronounced issue here is that there could be more than 1 user in the system. If they open the app simultaneously... well, it will be a mess.

Also, /tmp is world-readable, which is not really good for security.

droidmonkey commented 1 month ago

Yes, good points, although there is nothing sensitive in this lock file except for its mere presence.

jamessan commented 1 month ago

> A more pronounced issue here is that there could be more than 1 user in the system. If they open the app simultaneously... well, it will be a mess.

Not really, since the username is part of the filename -- https://github.com/keepassxreboot/keepassxc/blob/5de669eb7b3c2a56ee865960bb4b8002090ca1f5/src/gui/Application.cpp#L65-L68

droidmonkey commented 1 month ago

Yes, that is also true.

HanabishiRecca commented 1 month ago

Yeah, I didn't notice that. Sorry, disregard my gripes then.

Although, it'd better be a user id instead. But using XDG_RUNTIME_DIR is the best solution anyway.
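
The placement discussed in this thread, as an added example that is not part of the thread and is not KeePassXC code: use `$XDG_RUNTIME_DIR` only when it is absolute, owned by the current user and mode 0700 (the conditions the XDG Base Directory specification sets), otherwise fall back to a shared temporary directory with the numeric user id in the file name. The function names, the `.lock` suffix and the `example-app` base name are hypothetical, and rejecting a symlinked runtime directory is an extra conservative assumption.

```cpp
// Added example (plain C++17 + POSIX), not KeePassXC code; all names are hypothetical.
#include <cstdlib>
#include <iostream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// True if `dir` is usable as a private per-user runtime directory:
// absolute path, a directory, owned by `uid`, access mode exactly 0700.
// lstat() is used so that a symlink in this position is rejected
// (stricter than the XDG specification requires).
bool isPrivateRuntimeDir(const std::string& dir, uid_t uid)
{
    if (dir.empty() || dir[0] != '/') {
        return false;
    }
    struct stat st {};
    if (lstat(dir.c_str(), &st) != 0 || !S_ISDIR(st.st_mode)) {
        return false;
    }
    if (st.st_uid != uid) {
        return false;
    }
    return (st.st_mode & 07777) == 0700;
}

// Path for a single-instance lock file. Inside a validated XDG_RUNTIME_DIR
// the directory is already per-user, so the name needs no user component.
// In the shared fallback directory the numeric uid keeps users apart.
std::string lockFilePath(const std::string& baseName,
                         const std::string& fallbackDir = "/tmp")
{
    const uid_t uid = geteuid();
    const char* env = std::getenv("XDG_RUNTIME_DIR");
    if (env != nullptr && isPrivateRuntimeDir(env, uid)) {
        return std::string(env) + "/" + baseName + ".lock";
    }
    return fallbackDir + "/" + baseName + "-" + std::to_string(uid) + ".lock";
}

int main()
{
    std::cout << lockFilePath("example-app") << "\n";
    return 0;
}
```

The fallback path remains in a world-writable directory, so a caller should create the file there exclusively (`O_CREAT | O_EXCL | O_NOFOLLOW`) with mode 0600 rather than opening whatever already exists at that name.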