fix(cli): CLI errors when run as a non-existent user

[corymhall]

The CDK home directory was being created in the users home directory,
but this causes an error if for some reason the user does not have a
home directory.

This PR adds some fallback logic so that if the users home directory does not exist it will fall back to
creating a tmp directory.

fix #7937

---

All Submissions:

• Have you followed the guidelines in our Contributing guide?

Adding new Unconventional Dependencies:

• This PR adds new unconventional dependencies following the process described here

New Features

• Have you added the new feature to an integration test?
  • Did you use yarn integ to deploy the infrastructure and generate the snapshot (i.e. yarn integ without --dry-run)?

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[gitpod-io]

[laurelmay]

There are generally security concerns about having predictable and well-known directories in /tmp. /tmp is world readable and writeable in most cases and hosts may have multiple users. This could result in sharing /tmp/.cdk improperly or perhaps even permissions issues over that particular directory (allowing for a potential accidental DoS?). Even worse, not all users on a host may be friendly. CVEs have been issued to other tools for making similar decisions in the past, such as CVE-2019-3881 or CVE-2020-10870; and in an extreme case not applicable to the CDK today since no cached data seems to be executed, CVE-2020-10174. One could still imagine editing notices.json to insert additional text or improperly gleaning information from account_partitions.json; or even just accidentally having someone else own the file.

This feels like potentially making things harder (or less secure) for the vast majority of users to improve the use case where a user doesn't have a home directory. It may be preferable to use the user's home directory if available and to fallback to a temporary directory. And in that case, it's likely better to use fs.mkdtemp. It'd linger after the fact if not cleaned up but at least it'd be fresh and unpolluted on startup. Something like $XDG_RUNTIME_DIR might be nice too but that's not especially portable outside of a Linux-y environment so mkdtemp may be reasonable.

[corymhall]

There are generally security concerns about having predictable and well-known directories in /tmp

I've updated it to have some fallback logic. It will first try and use the home directory and fall back to creating a tmp dir.

[rix0rrr]

Why don't we just use the tmpdir proper as the CDK home dir, instead of creating a one-use directory inside it?

if (process.env.CDK_HOME) {
  return path.resolve(process.env.CDK_HOME);
}

let cdkParent;
try {
  cdkParent = os.userInfo().homedir ?? os.homedir();
} catch (e) {
  cdkParent = os.tmpdir();
  debug(`Error retrieving home dir, falling back to temp dir: ${e}`);
}

return path.join(cdkParent, '.cdk');

[rix0rrr]

I stand corrected, should have read the thread.

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: 71fec5b
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).