Change XDG_RUNTIME_DIR mode from 0777 to 0700 #1333
Needs some testing, easiest way for me to get a system distro VHD is to use this CI.
In the meantime, would you recommend changing the permissions on the runtime dir to get weston running again?
Pull request overview
This PR addresses a security concern by changing the permissions of the XDG_RUNTIME_DIR directory from world-accessible (0777) to user-only access (0700), as reported in issue #12884.
Changes:
- Modified the chmod call for XDG_RUNTIME_DIR from 0777 to 0700 for improved security
Comments suppressed due to low confidence (2)
WSLGd/main.cpp:290
- The c_dbusDir is also set with overly permissive 0777 permissions on line 290. Since this directory is owned by the same user (passwordEntry->pw_uid) as c_xdgRuntimeDir (line 289), it should similarly be restricted to 0700 for consistency and security.
THROW_LAST_ERROR_IF(chmod(c_dbusDir, 0777) < 0);
WSLGd/main.cpp:293
- The c_x11RuntimeDir uses overly permissive 0777 permissions without ownership assignment. Unlike c_xdgRuntimeDir which has chown applied, this directory has no ownership set and allows world-write access. Consider whether these permissions are necessary or if they should be restricted.
THROW_LAST_ERROR_IF(chmod(c_x11RuntimeDir, 0777) < 0);
I'm not 100% sure we can make this change. We need to test creating a user whose UID does not equal 1000 and make sure GUI apps work for them.
@benhillis It is entirely possible that this is the wrong approach. However, won't this permission issue become a much larger problem as more distros move to systemd 256+? |
Reported by microsoft/WSL#12884
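
An added illustration, not code from the WSLg repository: a small checker for the property this PR is after, namely that a runtime directory is owned by the expected user and carries no group or other permission bits (the XDG Base Directory specification requires mode 0700 for XDG_RUNTIME_DIR). The names `DirAudit`, `AuditRuntimeDir` and `Describe` are hypothetical; the paths to check come from the command line or from `$XDG_RUNTIME_DIR`.

```cpp
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Outcome of auditing one runtime directory (hypothetical type for this example).
enum class DirAudit { Ok, StatFailed, NotDirectory, WrongOwner, GroupOrWorldAccess };

// Verifies that `path` is a real directory owned by `expectedUid` with no
// group/other permission bits set, i.e. at most mode 0700.
DirAudit AuditRuntimeDir(const std::string& path, uid_t expectedUid)
{
    struct stat st {};
    // lstat: a symlink placed where the directory should be is reported, not followed.
    if (lstat(path.c_str(), &st) < 0) return DirAudit::StatFailed;
    if (!S_ISDIR(st.st_mode)) return DirAudit::NotDirectory;
    if (st.st_uid != expectedUid) return DirAudit::WrongOwner;
    if ((st.st_mode & (S_IRWXG | S_IRWXO)) != 0) return DirAudit::GroupOrWorldAccess;
    return DirAudit::Ok;
}

const char* Describe(DirAudit result)
{
    switch (result) {
    case DirAudit::Ok: return "ok";
    case DirAudit::StatFailed: return "cannot stat";
    case DirAudit::NotDirectory: return "not a directory";
    case DirAudit::WrongOwner: return "wrong owner";
    case DirAudit::GroupOrWorldAccess: return "group/other access bits set";
    }
    return "unknown";
}

int main(int argc, char** argv)
{
    // Paths from the command line; fall back to $XDG_RUNTIME_DIR when none are given.
    std::vector<std::string> paths(argv + 1, argv + argc);
    if (paths.empty()) {
        if (const char* env = std::getenv("XDG_RUNTIME_DIR")) paths.push_back(env);
    }
    int failures = 0;
    for (const auto& p : paths) {
        const DirAudit result = AuditRuntimeDir(p, getuid());
        std::printf("%-40s %s\n", p.c_str(), Describe(result));
        if (result != DirAudit::Ok) ++failures;
    }
    return failures == 0 ? 0 : 1;
}
```

Run as the non-default user (a UID other than 1000) to cover the case raised in the thread.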