Moving the X11 socket to XDG_RUNTIME_DIR
Artur Manuel
amad at atl.tools
Fri Jul 4 00:07:23 UTC 2025
On Thu Jul 3, 2025 at 7:44 AM BST, Carsten Haitzler wrote:
> so do you propose the xserver sets up these symlinks? if x is running as $USER
> then putting it in the xdg runtime dir makes sense. but then... you have issues
> with multiple users fighting over /tmp/.X11-unix for the compat symlinks (in the
> in the case of 2 x sessions running as 2 users on different vt's etc.).
It wouldn't really be a fight, since you would assign a new $DISPLAY
value anyway (:1 rather than :0) and that would be reflected in the
socket directory. I'm pretty sure it would be bad if your user is trying
to fight for the same DISPLAY.
> i agree in principle a xorg running as $USER (not root) would be a
> cleaner/better solution with the socket where you propose... but changing this
> has implications for compatibility.
Indeed it could break compatibility but I believe you can handle this in
such a way where this isn't a problem. The root user can also have an
XDG_RUNTIME_DIR directory anyway (and it would be even more secure in
that case since you can now no longer hijack the root's X11 socket and
have an albeit tedious way of accessing root without needing the
password.) To make it brief: compatibility should not be the main
concern, security should be.
> this is a choice of "keep compat" or "improve things and maybe break a few
> things on the way".
>
> i PERSONALLY would vote for small breaks like this as being acceptable for
> their improvements, as i would also vote in general for improvements to xorg
> and protocols if they broke things in clever and well through out ways to make
> it a better place. i'm just pointing out that there is an issue that comes
> along with this.
I agree. I would rather not have security implications because some
noteworthy app hardcoded the position of the X11 socket and it would
break if said path were to change. This is mostly a non-issue anyway as
there doesn't seem to be, in my perspective, a way this would break
compatibility. I would agree that it may cause issues though.
I hope I wasn't too annoying in my points. Once again, cheers,
--
Artur Manuel (amadaluzia)
More information about the xorg-devel
mailing list