Skip to content

fix: harden arg0 helper PATH handling #8766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
viyatb-oai wants to merge 11 commits into
base: main
Choose a base branch
from
Open

fix: harden arg0 helper PATH handling #8766

viyatb-oai wants to merge 11 commits into from
+35 −1

Conversation

@viyatb-oai
Copy link

@viyatb-oai viyatb-oai commented Jan 5, 2026
edited
Loading

Motivation

  • Avoid placing PATH entries under the system temp directory by creating the helper directory under CODEX_HOME instead of std::env::temp_dir().
  • Fail fast on unsafe configuration by rejecting CODEX_HOME values that live under the system temp root to prevent writable PATH entries.

Testing

  • Ran just fmt, which completed with a non-blocking imports_granularity warning.
  • Ran just fix -p codex-arg0 (Clippy fixes) which completed successfully.
  • Ran cargo test -p codex-arg0 and the test run completed successfully.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026
edited
Loading

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@viyatb-oai viyatb-oai changed the title Append arg0 helper PATH entry and harden helper directory under CODEX_HOME Harden arg0 helper PATH handling Jan 5, 2026
@viyatb-oai viyatb-oai changed the title Harden arg0 helper PATH handling fix: harden arg0 helper PATH handling Jan 5, 2026
@viyatb-oai
Copy link
Author

viyatb-oai commented Jan 5, 2026

I have read the CLA Document and I hereby sign the CLA

github-actions bot added a commit that referenced this pull request Jan 5, 2026
@github-actions
@viyatb-oai has signed the CLA in #8766
9aaf976
@viyatb-oai viyatb-oai marked this pull request as ready for review January 6, 2026 00:04
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 6, 2026
View reviewed changes
Copy link
Contributor

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 062b2cdc8b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@bolinfest
Copy link
Collaborator

bolinfest commented Jan 6, 2026

It looks like command_execution_notifications_include_process_id failed on both Linux builds.

bolinfest
bolinfest reviewed Jan 6, 2026
View reviewed changes
bolinfest
bolinfest reviewed Jan 6, 2026
View reviewed changes
codex-rs/arg0/src/lib.rs Outdated
Comment on lines 163 to 165
let temp_dir = tempfile::Builder::new()
.prefix("codex-arg0")
.tempdir_in(codex_home)?;
Copy link
Collaborator

@bolinfest bolinfest Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I worry that this may make a bit of a mess of things in $CODEX_HOME if codex crashes and these temp dirs do not get cleaned up.

I feel like we should create $CODEX_HOME/tmp (or maybe some other name?) first and then use that as the argument to tempdir_in().

While this specific TempDir is designed to be a $PATH entry, I have wondered whether we should also create an entry under $CODEX_HOME to use when $TMP_DIR is not defined (which is often the case on Linux) so that it is preferred over /tmp, though I'm not sure how many libraries would actually honor that.

Anyway, the point being, if we introduced $CODEX_HOME/tmp, perhaps we would want different subfolders for different purposes, so we might want this to be $CODEX_HOME/tmp/path, for example.

What do you think?

Also, should we chmod this folder at all?

Copy link
Author

@viyatb-oai viyatb-oai Jan 6, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I worry that this may make a bit of a mess of things in $CODEX_HOME if codex crashes and these temp dirs do not get cleaned up.

I agree if codex crashes it might mess up cleaning of the temp directories.

While this specific TempDir is designed to be a $PATH entry, I have wondered whether we should also create an entry under $CODEX_HOME to use when $TMP_DIR is not defined (which is often the case on Linux) so that it is preferred over /tmp, though I'm not sure how many libraries would actually honor that.

true, I forgot about the linux usecase here.

Also, should we chmod this folder at all?

good catch, yes!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bolinfest bolinfest bolinfest left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@viyatb-oai @bolinfest