From dbdd709d5ed4d75520d09736b4f36566df25e190 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Tue, 29 Oct 2019 14:31:12 -0700
Subject: [PATCH] Use a secure temp directory to put vnc server socket in

Helps get rid of the special VNC_APPLICATION_DIRECTORY
bit by bit
---
 jupyter_desktop/__init__.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/jupyter_desktop/__init__.py b/jupyter_desktop/__init__.py
index 029e09b..009b504 100644
--- a/jupyter_desktop/__init__.py
+++ b/jupyter_desktop/__init__.py
@@ -1,24 +1,29 @@
 import os
+import tempfile
 
 
 HERE = os.path.dirname(os.path.abspath(__file__))
 
 def setup_desktop():
     VNC_APPLICATION_DIR = os.path.join(os.getenv('CONDA_DIR'), 'vnc')
+    # make a secure temporary directory for sockets
+    # This is only readable, writeable & searchable by our uid
+    sockets_dir = tempfile.mkdtemp()
+    sockets_path = os.path.join(sockets_dir, 'vnc-socket')
     return {
         'command': [
             'websockify', '-v',
             '--web', VNC_APPLICATION_DIR + '/noVNC-1.1.0',
             '--heartbeat', '30',
             '5901',
-            '--unix-target', VNC_APPLICATION_DIR + '/socket',
+            '--unix-target', sockets_path,
             '--',
             VNC_APPLICATION_DIR + '/bin/vncserver',
             '-verbose',
             '-xstartup', os.path.join(HERE, 'share/xstartup'),
             '-geometry', '1024x768',
             '-SecurityTypes', 'None',
-            '-rfbunixpath', VNC_APPLICATION_DIR + '/socket',
+            '-rfbunixpath', sockets_path,
             '-fg',
             ':1',
         ],