Since all instances of PineFlash share the same tempfile locations, permission issues can occur if different users run PineFlash sequentially. This is most likely to occur if someone runs PineFlash once with sudo, and then runs it normally afterwards.
As `temp_dir()` will likely resolve to /tmp on most Linux systems (see also rust-lang/rust#39081), this would make /tmp/metadata.json, as well as any downloaded firmware, owned by root (or any other user that ran PineFlash first), leaving any other users unable to use PineFlash properly until the system is rebooted or /tmp is cleared.

strace of PineFlash panicking when run normally after having used `sudo pineflash` below:

```
[pid 2084009] openat(AT_FDCWD, "/tmp/metadata.json", O_WRONLY|O_CREAT|O_TRUNC|O_CLOEXEC, 0666) = -1 EACCES (Permission denied)
thread '<unnamed>' panicked at src/main.rs:266:48:
called `Result::unwrap()` on an `Err` value: Os { code: 13, kind: PermissionDenied, message: "Permission denied" }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
[pid 2084009] +++ exited with 0 +++
```
I don’t know of a convenient solution to this.
- Using $XDG_RUNTIME_DIR would solve at least this issue, since it's user-specific and private, but it's not guaranteed to be set, has no canonical fallback, and isn't as clean as `temp_dir()`.
- PineFlash could create a directory for itself within `temp_dir()`, including either some random characters or the PID to avoid collisions, but then it would lose the caching of firmware between runs. Sure, it could then also split that off into $XDG_CACHE_DIR, falling back to ~/.cache, but that feels like a lot of special-casing that would be better handled by a library.
- PineFlash could just make a directory in `temp_dir()` with the current user ID or name: `pineflash.acuteaangle` or `pineflash.1001`. Being predictable, that wouldn't be resistant to malicious users on the same system, but would theoretically solve the more realistic accidental cases.
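As an added example (not PineFlash's own code), this is the third option above, a per-user directory under `temp_dir()`, hardened against the predictable-name caveat: after the mkdir it refuses to use the path unless it is a real directory (not a symlink) owned by the caller with no group/other access. `user_scoped_dir`, `metadata_path` and `current_uid` are assumed names, and the uid lookup via /proc is Linux-only.

```rust
use std::env;
use std::fs::{self, DirBuilder};
use std::io::{self, Error, ErrorKind};
use std::os::unix::fs::{DirBuilderExt, MetadataExt};
use std::path::{Path, PathBuf};

/// Hypothetical per-user replacement for the shared `temp_dir()/metadata.json` layout.
/// The name is predictable, so after the (idempotent) mkdir the function re-checks
/// what actually sits at that path instead of trusting it.
pub fn user_scoped_dir(base: &Path, uid: u32) -> io::Result<PathBuf> {
    let dir = base.join(format!("pineflash.{uid}"));
    // Mode 0700: no other local user can read or write inside it.
    match DirBuilder::new().mode(0o700).create(&dir) {
        Ok(()) => {}
        Err(e) if e.kind() == ErrorKind::AlreadyExists => {}
        Err(e) => return Err(e),
    }
    // symlink_metadata does not follow links, so a link planted under the
    // predictable name is seen as a link rather than as its target.
    let meta = fs::symlink_metadata(&dir)?;
    if !meta.is_dir() {
        return Err(Error::new(ErrorKind::Other,
            format!("{} exists but is not a directory", dir.display())));
    }
    if meta.uid() != uid {
        return Err(Error::new(ErrorKind::PermissionDenied,
            format!("{} is owned by uid {}, expected {}", dir.display(), meta.uid(), uid)));
    }
    if (meta.mode() & 0o077) != 0 {
        return Err(Error::new(ErrorKind::PermissionDenied,
            format!("{} is accessible to other users", dir.display())));
    }
    Ok(dir)
}

/// Where metadata.json would live for `uid`; firmware downloads can sit beside it.
pub fn metadata_path(base: &Path, uid: u32) -> io::Result<PathBuf> {
    Ok(user_scoped_dir(base, uid)?.join("metadata.json"))
}
/// Linux-only way to learn the calling uid without a libc crate:
/// /proc/self is owned by the process's effective user.
pub fn current_uid() -> io::Result<u32> {
    Ok(fs::metadata("/proc/self")?.uid())
}

fn main() -> io::Result<()> {
    let path = metadata_path(&env::temp_dir(), current_uid()?)?;
    println!("metadata file for this user: {}", path.display());
    Ok(())
}
```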