bluetech
commented
1 year ago Making secure_getenv optional sounds fine to me, as long as it's an explicit, non-default flag passed by the application, and not controlled externally. I believe gdm had some issues with this as well.
I think it would be better for the flag to be explicit, e.g. XKB_CONTEXT_NO_SECURE_GETENV. This would only control whether the library uses secure_getenv or getenv.
Looking at the code, it should be possible to thread a context flag to all places which call secure_getenv currently (for libxkbregistry, the rxkb context). So we'll replace secure_getenv calls with a xkb_context_getenv which consults the flag (and same for rxkb).
Would you like to send a patch for this?
rpigott
bam80
Hi there.
I'm working on sway, which uses CAP_SYS_NICE to gain realtime priority. This has the unfortunate side-effect of borking
xkb_context_include_path_append_defaultbecause secure_getenv refuses to read $HOME, $XDG_CONFIG_HOME, etc. and this is a hassle to avoid.I would be interested in maybe a XKB_CONTEXT_YES_DEFAULT_INCLUDES flag (opposite of XKB_CONTEXT_NO_DEFAULT_INCLUDES) that would add these default configs using getenv on request. Sway doesn't support suid operation so I believe there would be no security risk to create our xkb context with such a flag.
Related: swaywm/sway#7311