
From: Matthieu Herrb <matthieu@openbsd.org>
Subject: Re: [new/wip] wayland/waypipe for ssh -X-like forwarding
To: Landry Breuil <landry@openbsd.org>
Cc: ports@openbsd.org
Date: Wed, 12 Nov 2025 15:33:57 +0000

On Wed, Nov 12, 2025 at 04:18:37PM +0100, Landry Breuil wrote:
> On Wed, Nov 12, 2025 at 04:03:16PM +0100, Landry Breuil wrote:
> > On Wed, Nov 12, 2025 at 07:39:01AM -0700, Theo de Raadt wrote:
> > > > - add XDG_RUNTIME_DIR=/tmp/run/user/<uid> to ~/.ssh/environment
> > > 
> > > That is so incredibly user hostile.  First of all, it is a uid,
> > > and secondly this now applies to all non-interactive sessions also.
> > > Just plain yuck.
> > 
> > then i guess the alternative would be to:
> > - advertise 'waypipe ssh target env XDG_RUNTIME_DIR=xxx command'
> > - add a section in ~/.ssh/config with SendEnv XDG_RUNTIME_DIR for the
> >   given targets ?
> 
> i've given this a try, and waypipe works transparently with:
> 
> - in .ssh/config
> 
> Host localhost
>         SendEnv XDG_RUNTIME_DIR

This assumes that the remote user has the same uid as the local one.
And it won't create the remote directory if missing...

> 
> - in /etc/ssh/sshd_config:
> 
> PermitUserEnvironment XDG_RUNTIME_DIR
> AcceptEnv XDG_RUNTIME_DIR
> 
> (of course those two could be in a Match block)

I'm looking at do_setusercontext in ssh/session.c and start to wonder
if there is something I missed when applying the patch... My reading
of the code says that LOGIN_SETALL now implies LOGIN_SETXDGENV and so
XDG_RUNTIME_DIR should be set. (or is there some cleaning happening
later, like in xenodm?)
-- 
Matthieu Herrb
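
The two caveats raised above (a forwarded XDG_RUNTIME_DIR embeds the client's uid, and nothing creates the directory on the remote side) can be checked on the remote host before the value is trusted. The sketch below is an added example, not part of the original message or of any OpenBSD code; the function names `check_runtime_dir` and `pick_runtime_dir` and the fallback to `<base>/<uid>` (for instance `/tmp/run/user`, as in the thread) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): vet a client-supplied XDG_RUNTIME_DIR
# on the remote host. Function names are hypothetical.

# Prints "ok" and returns 0 only if DIR is usable as a runtime directory for
# the current user; otherwise prints the reason and returns 1.
check_runtime_dir() {
    dir=$1
    uid=$(id -u)
    case $dir in
        */"$uid") ;;                          # must end in the *remote* uid
        *) echo "uid-mismatch"; return 1 ;;
    esac
    if [ -L "$dir" ]; then echo "symlink"; return 1; fi
    if [ ! -d "$dir" ]; then echo "missing"; return 1; fi
    # test -O (owned by effective uid) is supported by ksh, bash and dash.
    if [ ! -O "$dir" ]; then echo "not-owner"; return 1; fi
    # The XDG Base Directory spec requires mode 0700 on this directory.
    mode=$(ls -ld -- "$dir" | cut -c1-10)
    if [ "$mode" != "drwx------" ]; then echo "bad-mode"; return 1; fi
    echo "ok"
}

# Prints the directory to export as XDG_RUNTIME_DIR: the forwarded value if
# it passes every check, otherwise BASE/<remote uid>, created with mode 0700.
# A pre-existing fallback directory that fails the checks is never "repaired".
pick_runtime_dir() {
    forwarded=$1
    base=$2
    if check_runtime_dir "$forwarded" >/dev/null; then
        echo "$forwarded"
        return 0
    fi
    own=$base/$(id -u)
    (umask 077 && mkdir -p -- "$own") || return 1
    check_runtime_dir "$own" >/dev/null || return 1
    echo "$own"
}
```

Called as `XDG_RUNTIME_DIR=$(pick_runtime_dir "$XDG_RUNTIME_DIR" /tmp/run/user)`, a value forwarded from a client with a different uid is replaced rather than trusted.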