Bug 400451

Summary: kwin_wayland blocks TMPDIR env variable inheritance in Plasma wayland session
Product: [Plasma] kwin Reporter: Ardith Metz <itgvkxsd>
Component: wayland-generic Assignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: 1i5t5.duncan, notuxius, oxalicc
Priority: NOR Keywords: wayland
Version: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: missing TZDIR breaks clock widget

Description Ardith Metz 2018-10-29 16:58:54 UTC
SUMMARY

Exporting TMPDIR variable in ~/.profile or ~/.config/plasma-workspace/env doesn't work in plasma-wayland session.

STEPS TO REPRODUCE
1. echo 'export TMPDIR="$HOME/.cache"' >~/.config/plasma-workspace/env/tmpdir.sh
2. Log in to a plasma-wayland session.
3. echo $TMPDIR

OBSERVED RESULT

echo $TMPDIR has no output. $TMPDIR var isn't set.

EXPECTED RESULT

echo $TMPDIR
/home/username/.cache

SOFTWARE VERSIONS
(available in About System)
KDE Plasma Version: 5.14.2
KDE Frameworks Version: 5.51.0
Qt Version: 5.11.2

ADDITIONAL INFORMATION

Tested on Arch Linux. Logging-in through SDDM. Expected result does happen in plasma-x11 session.
Comment 1 Alexander Mentyu 2018-10-30 11:17:36 UTC
Can reproduce

Operating System: KDE neon Developer Edition
KDE Plasma Version: 5.14.80
Qt Version: 5.11.2
KDE Frameworks Version: 5.52.0
Comment 2 Martin Flöser 2018-10-30 18:47:35 UTC
This is unrelated to KWin - KWin does not care about any env directories. It belongs to startup which could be ksmserver.

Overall it's questionable whether we want to support env variable loading at all in Wayland as this is a security risk (at least KWin should not).
Comment 3 Ardith Metz 2018-10-31 10:06:50 UTC
(In reply to Martin Flöser from comment #2)
> This is unrelated to KWin - KWin does not care about any env directories. It
> belongs to startup which could be ksmserver.
Thx. I asked on IRC under which component I should open this and they recommended KWin as a rough choice.

> Overall it's questionable whether we want to support env variable loading at
> all in Wayland as this is a security risk (at least KWin should not).
I'm not sure what you mean here. Ignoring /etc/profile.d, .profile, .pam_environment, .config/plasma-workspace/env? How do you set up a working session without exporting env variables? How do you set the correct LANG, scale dpi? Do you want to make the wayland-session unconfigurable?

Is the user config part of the security threat scenario in wayland but not in X?

In this specific case, ignoring TMPDIR (which is changed from a common shared dir to a private user dir) makes security worse, not better.
Comment 4 Ardith Metz 2019-05-14 12:33:41 UTC
I've found the cause. The 'kwin_wayland' binary is installed with the 'CAP_SYS_NICE' file capability[1], which blocks 'TMPDIR' inheritance across the runtime chain. Removing that capability makes 'TMPDIR' correctly exported again.

This was introduced in [2] and already caused an env variable inheritance issue in [3].

I think the fix should be similar to the above - if the TMPDIR var exists then pass it explicitly to child processes.

[1] https://github.com/KDE/kwin/blob/988ca97c96f11912a856f36daf5f044845044f7b/CMakeLists.txt#L702

[2] https://github.com/KDE/kwin/commit/7c8003f7f6212ccad7de652943f94d501365d30f

[3] https://github.com/KDE/kwin/commit/eb69e87288d37fdb13eca32ca807ed8279f912af
Comment 5 Duncan 2020-11-15 13:36:16 UTC
_This_ is why I was losing TMPDIR!

So plasma wayland support is coming along well enough that I'm in the process of reconfiguring my desktop and workflow for wayland, and I've been struggling with apps behaving incorrectly.  I just spent a bunch of time tracing down the misbehavior in at least one case to an unset TMPDIR, then using htop to read environments to try to figure out where it went missing.  Sure enough it was kwin_wayland.

I was on my way to filing a bug when I found this in my pre-file existing-bugs search.

Now I know why, and I wonder how many other apps' misbehavior is tracing to this, and what other missing environment vars are laying traps for future misbehavior, as well.

Thanks for tracking it down and reporting.  I'd have /never/ figured out it was CAPS-related restrictions on my own!

Luckily I'm on Gentoo and there's the USE=caps flag I can easily turn off for kwin until this is fixed (two years and counting already, I see).  X is obviously running without realtime so it shouldn't cause any problems I'm not used to by now, and it looks to save me at least a handful and very possibly a whole slew of other problems.
Comment 6 Oxalica 2021-10-30 08:55:22 UTC
Created attachment 143023
missing TZDIR breaks clock widget

Hit this issue on NixOS, which defaults to having TZDIR=/etc/zoneinfo in both the PAM and shell environment. But kwin_wayland dropped it due to the capability flag. This leads to all downstream processes, including `plasmashell` and autostarted programs, failing to find timezone data. It breaks the clock widgets, which show nothing on the panel and meaningless strings and numbers in the calendar.

https://github.com/NixOS/nixpkgs/issues/143272
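
Context for comments 4 and 6, as an added example that is not part of the original thread or of KWin's code: on glibc systems a binary carrying file capabilities starts in secure-execution mode (AT_SECURE set), and the dynamic loader removes a fixed list of variables, TMPDIR and TZDIR among them, before the program runs, so its children never see them. The filter below is a simplified model using a subset of that list; the function names and the sample environment are constructed for illustration.

```c
/* Added example: a model of glibc's secure-execution environment filter. */
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

/* Subset of glibc's list of variables removed in secure-execution mode. */
static const char *const UNSECURE_VARS[] = {
    "GCONV_PATH", "LD_LIBRARY_PATH", "LD_PRELOAD", "LOCPATH",
    "NLSPATH", "TMPDIR", "TZDIR",
};
#define N_UNSECURE (sizeof UNSECURE_VARS / sizeof UNSECURE_VARS[0])

/* 1 if the kernel marked this exec as secure (setuid/setgid or file caps). */
int secure_exec_active(void) { return getauxval(AT_SECURE) != 0; }

/* 1 if a "NAME=value" entry names a variable removed in secure mode. */
int is_stripped(const char *entry) {
    size_t len = strcspn(entry, "=");
    for (size_t i = 0; i < N_UNSECURE; i++)
        if (strlen(UNSECURE_VARS[i]) == len &&
            strncmp(entry, UNSECURE_VARS[i], len) == 0)
            return 1;
    return 0;
}

/* Copy env into out (NULL-terminated, cap >= 1 slots), dropping filtered
 * entries when at_secure is set. Returns how many entries were dropped. */
size_t filter_env(const char *const env[], int at_secure,
                  const char *out[], size_t cap) {
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; env[i] != NULL; i++) {
        if (at_secure && is_stripped(env[i])) { dropped++; continue; }
        if (kept + 1 < cap) out[kept++] = env[i];
    }
    out[kept] = NULL;
    return dropped;
}

int main(void) {
    /* Constructed sample environment, using the values from this report. */
    const char *const sample[] = { "HOME=/home/username",
        "TMPDIR=/home/username/.cache", "TZDIR=/etc/zoneinfo",
        "LANG=en_US.UTF-8", NULL };
    const char *out[8];
    size_t dropped = filter_env(sample, 1, out, 8);
    printf("AT_SECURE of this process: %d\n", secure_exec_active());
    printf("secure exec: %zu variable(s) dropped; children inherit:\n", dropped);
    for (size_t i = 0; out[i] != NULL; i++) printf("  %s\n", out[i]);
    return 0;
}
```

Compiled normally, the program reports AT_SECURE as 0; the same binary reports 1 once it carries a file capability, which is the condition the thread identifies on kwin_wayland.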
Comment 7 Ardith Metz 2022-06-17 21:30:21 UTC
As of Plasma 5.25, with the new systemd-based startup, it's no longer an issue; see https://invent.kde.org/plasma/kwin/-/merge_requests/1590#note_350977