More safe per-user location for temp files for single-file-apps?

[omajid]

This is a comment on #2329:

It seems like $TMPDIR is only system-wide on Linux. Both macOS and Windows have a user-specific temp.

So, for Linux, can you help me understand why we are using an error prone approach where /tmp/.net (with a predictable name, susceptible to collisions and other attacks) is used? Wouldn't it be more secure to fall back to a user-specific path? $XDG_CACHE_HOME (falling back to $HOME/.cache/) seems like a location that would be much less susceptible attacks and accidental clashes.

Also, most recent distributions treat /tmp as temporary. systemd, for example, wipes things older than 10 days on /tmp/ on my machine. Compare this with the persistent $HOME/.cache. On the other hand, if we want things cleaned up, using the more secure /run/user/$UID (created on user login, secure without races) seems like the better way to go.

cc @tmds @swaroop-sridhar @jkotas @lpereira @danmosemsft

Tagging subscribers to this area: @vitek-karas, @swaroop-sridhar
Notify danmosemsft if you want to be subscribed.

[tmds]

@omajid .net 5 design is described in https://github.com/dotnet/designs/blob/master/accepted/2020/single-file/extract.md.

Per this design, /var/tmp is preferred over XDG_CACHE_HOME because /var/tmp is cleaned up.

Personally, I prefer XDG_CACHE_HOME to avoid any multi-user issues, and leave it to the user to clean it up. But I understand the rationale for using the /var/tmp location (the benefit of auto clean-up).

Tagging subscribers to this area: @swaroop-sridhar
Notify danmosemsft if you want to be subscribed.

[swaroop-sridhar]

.net 5 will support running managed apps directly from bundle. This is expected to enable most apps to run without the need for extraction. Once this feature is completed, we should reconsider whether we need reusable extraction at a predictable location. Otherwise, we can extract to user-specific directories and (attempt to) remove them each run.

[omajid]

I understand the plan for .NET 5 (basically get rid of extraction and remove this entire issue). However, that still leaves all users of 3.1 (LTS) with this set of failures involving multiple users.

In particular, #2329 says it's being ported to release/3.1.

[vitek-karas]

I think this is now fixed on all supported releases (3.1, 5, and 6) by moving the default extraction directory to $HOME/.net. The 6.0 change was done in this PR: #53374.

[omajid]

I think this is now fixed on all supported releases (3.1, 5, and 6) by moving the default extraction directory to $HOME/.net. The 6.0 change was done in this PR: #53374.

Do you know why .net was picked when there are already other similar directories in use, specially .dotnet? Why the dot-directory proliferation?