From 062b2cdc8b275fc7bfb5a87e025cba235bbdd868 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Mon, 5 Jan 2026 15:48:05 -0800 Subject: [PATCH 01/12] Append arg0 helper path entries --- codex-rs/arg0/src/lib.rs | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 6b60536413c..5d0e3df4bae 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -149,7 +149,20 @@ where /// IMPORTANT: This function modifies the PATH environment variable, so it MUST /// be called before multiple threads are spawned. pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { - let temp_dir = TempDir::new()?; + let codex_home = codex_core::config::find_codex_home()?; + let temp_root = std::env::temp_dir(); + if codex_home.starts_with(&temp_root) { + return Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + format!( + "Refusing to create helper binaries under temporary dir {temp_root:?} (codex_home: {codex_home:?})" + ), + )); + } + std::fs::create_dir_all(&codex_home)?; + let temp_dir = tempfile::Builder::new() + .prefix("codex-arg0") + .tempdir_in(codex_home)?; let path = temp_dir.path(); for filename in &[ @@ -190,7 +203,7 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { let path_element = path.display(); let updated_path_env_var = match std::env::var("PATH") { Ok(existing_path) => { - format!("{path_element}{PATH_SEPARATOR}{existing_path}") + format!("{existing_path}{PATH_SEPARATOR}{path_element}") } Err(_) => { format!("{path_element}") From a5e49f620200fc84c46db4e7ef10aa94fa3827c6 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Mon, 5 Jan 2026 20:05:31 -0800 Subject: [PATCH 02/12] Restore arg0 helper path precedence --- codex-rs/arg0/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 5d0e3df4bae..b41e5bba659 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -203,7 +203,7 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { let path_element = path.display(); let updated_path_env_var = match std::env::var("PATH") { Ok(existing_path) => { - format!("{existing_path}{PATH_SEPARATOR}{path_element}") + format!("{path_element}{PATH_SEPARATOR}{existing_path}") } Err(_) => { format!("{path_element}") From 7fa8353a2a5190868dda54c695170fa54e9531c4 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 11:02:52 -0800 Subject: [PATCH 03/12] Skip temp dir guard in debug builds --- codex-rs/arg0/src/lib.rs | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index b41e5bba659..069347a2b31 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -150,14 +150,17 @@ where /// be called before multiple threads are spawned. pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { let codex_home = codex_core::config::find_codex_home()?; - let temp_root = std::env::temp_dir(); - if codex_home.starts_with(&temp_root) { - return Err(std::io::Error::new( - std::io::ErrorKind::InvalidInput, - format!( - "Refusing to create helper binaries under temporary dir {temp_root:?} (codex_home: {codex_home:?})" - ), - )); + #[cfg(not(debug_assertions))] + { + let temp_root = std::env::temp_dir(); + if codex_home.starts_with(&temp_root) { + return Err(std::io::Error::new( + std::io::ErrorKind::InvalidInput, + format!( + "Refusing to create helper binaries under temporary dir {temp_root:?} (codex_home: {codex_home:?})" + ), + )); + } } std::fs::create_dir_all(&codex_home)?; let temp_dir = tempfile::Builder::new() From 4e219f85e8005b1d341d854a9e4cfc987add07d5 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 11:03:05 -0800 Subject: [PATCH 04/12] Clarify debug guard in arg0 docs --- codex-rs/arg0/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 069347a2b31..348fa1ab840 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -145,6 +145,7 @@ where /// that `apply_patch` can be on the PATH without requiring the user to /// install a separate `apply_patch` executable, simplifying the deployment of /// Codex CLI. +/// Note: In debug builds the temp-dir guard is disabled to ease local testing. /// /// IMPORTANT: This function modifies the PATH environment variable, so it MUST /// be called before multiple threads are spawned. From 09b629e8832256c86e4c54d27bc10dcb7893bf14 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 19:13:54 -0800 Subject: [PATCH 05/12] Scope arg0 helper temp dirs --- codex-rs/arg0/src/lib.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 348fa1ab840..70a91d34ee5 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -163,10 +163,19 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { )); } } + std::fs::create_dir_all(&codex_home)?; + let temp_root = codex_home.join("tmp").join("path"); + std::fs::create_dir_all(&temp_root)?; + #[cfg(unix)] + { + use std::os::unix::fs::PermissionsExt; + + std::fs::set_permissions(&temp_root, std::fs::Permissions::from_mode(0o700))?; + } let temp_dir = tempfile::Builder::new() .prefix("codex-arg0") - .tempdir_in(codex_home)?; + .tempdir_in(&temp_root)?; let path = temp_dir.path(); for filename in &[ From 24fcda4af05b1da39d73203d200dfca01bc533e9 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 19:14:01 -0800 Subject: [PATCH 06/12] Use CODEX_HOME tmp for TMPDIR --- codex-rs/arg0/src/lib.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 70a91d34ee5..99eb0880afa 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -172,6 +172,10 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { use std::os::unix::fs::PermissionsExt; std::fs::set_permissions(&temp_root, std::fs::Permissions::from_mode(0o700))?; + // Prefer a CODEX_HOME-scoped temp directory for this process. + unsafe { + std::env::set_var("TMPDIR", &temp_root); + } } let temp_dir = tempfile::Builder::new() .prefix("codex-arg0") From 82c69f9b0ae82b2d0a0ff311c63616050c09c4bb Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 21:37:07 -0800 Subject: [PATCH 07/12] Tidy arg0 TMPDIR block spacing --- codex-rs/arg0/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 99eb0880afa..475a27a2d08 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -177,6 +177,7 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { std::env::set_var("TMPDIR", &temp_root); } } + let temp_dir = tempfile::Builder::new() .prefix("codex-arg0") .tempdir_in(&temp_root)?; From 07a545601823bd2427860a6b6c255320068d8874 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 21:37:16 -0800 Subject: [PATCH 08/12] Annotate arg0 temp dir setup --- codex-rs/arg0/src/lib.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 475a27a2d08..8f94a214f27 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -165,12 +165,14 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { } std::fs::create_dir_all(&codex_home)?; + // Use a CODEX_HOME-scoped temp root to avoid cluttering the top-level directory. let temp_root = codex_home.join("tmp").join("path"); std::fs::create_dir_all(&temp_root)?; #[cfg(unix)] { use std::os::unix::fs::PermissionsExt; + // Ensure only the current user can access the temp directory. std::fs::set_permissions(&temp_root, std::fs::Permissions::from_mode(0o700))?; // Prefer a CODEX_HOME-scoped temp directory for this process. unsafe { From d884669ed173e31b99a66b396413a1b3db37adc9 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 21:37:24 -0800 Subject: [PATCH 09/12] Document tmp dir guard --- codex-rs/arg0/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 8f94a214f27..959b6373c1d 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -153,6 +153,7 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { let codex_home = codex_core::config::find_codex_home()?; #[cfg(not(debug_assertions))] { + // Guard against placing helpers in system temp directories outside debug builds. let temp_root = std::env::temp_dir(); if codex_home.starts_with(&temp_root) { return Err(std::io::Error::new( From e5cabbbc27209caf25f70295b3c0862671cc51e5 Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Tue, 6 Jan 2026 21:46:34 -0800 Subject: [PATCH 10/12] Tidy tmp-dir guard spacing --- codex-rs/arg0/src/lib.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 959b6373c1d..3b1c8f040d7 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -162,6 +162,7 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { "Refusing to create helper binaries under temporary dir {temp_root:?} (codex_home: {codex_home:?})" ), )); + } } From 8028c49cc3139da3d0c0ffd62415d945e319bb3d Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Wed, 7 Jan 2026 11:40:11 -0800 Subject: [PATCH 11/12] remove newline cargo fmt fix --- codex-rs/arg0/src/lib.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 3b1c8f040d7..959b6373c1d 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -162,7 +162,6 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { "Refusing to create helper binaries under temporary dir {temp_root:?} (codex_home: {codex_home:?})" ), )); - } } From 1a380572d8b3c05a54372f9f7f656ff5e72e728e Mon Sep 17 00:00:00 2001 From: viyatb-oai Date: Fri, 9 Jan 2026 11:13:45 -0800 Subject: [PATCH 12/12] avoid setting TMPDIR --- codex-rs/arg0/src/lib.rs | 4 ---- 1 file changed, 4 deletions(-) diff --git a/codex-rs/arg0/src/lib.rs b/codex-rs/arg0/src/lib.rs index 959b6373c1d..bf2f7afb7cc 100644 --- a/codex-rs/arg0/src/lib.rs +++ b/codex-rs/arg0/src/lib.rs @@ -175,10 +175,6 @@ pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result { // Ensure only the current user can access the temp directory. std::fs::set_permissions(&temp_root, std::fs::Permissions::from_mode(0o700))?; - // Prefer a CODEX_HOME-scoped temp directory for this process. - unsafe { - std::env::set_var("TMPDIR", &temp_root); - } } let temp_dir = tempfile::Builder::new()