Resolve $TMPDIR on macOS instead of granting broad /var/folders access

Richard Feldman created

Replace the blanket /var/folders read-write path with the resolved $TMPDIR
environment variable, which points to the per-user, per-session temp
directory (e.g. /private/var/folders/xx/xxxx/T/). This prevents the sandbox
from granting read-write access to all users' temp files on the system.

Change summary

crates/sandbox/src/sandbox.rs | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)

Detailed changes

crates/sandbox/src/sandbox.rs 🔗

@@ -144,12 +144,21 @@ impl ResolvedSystemPaths {
 
     #[cfg(target_os = "macos")]
     fn default_read_write() -> Vec<PathBuf> {
-        vec![
-            "/dev".into(),
-            "/private/tmp".into(),
-            "/var/folders".into(),
-            "/private/var/run/mDNSResponder".into(),
-        ]
+        let mut paths = vec![
+            PathBuf::from("/dev"),
+            PathBuf::from("/private/tmp"),
+            PathBuf::from("/private/var/run/mDNSResponder"),
+        ];
+        // Resolve $TMPDIR to the per-user, per-session temp directory
+        // (e.g. /private/var/folders/xx/xxxx/T/) rather than granting
+        // broad access to all of /var/folders.
+        if let Ok(tmpdir) = std::env::var("TMPDIR") {
+            let tmpdir = PathBuf::from(tmpdir);
+            if tmpdir.exists() {
+                paths.push(tmpdir);
+            }
+        }
+        paths
     }
 
     #[cfg(target_os = "linux")]
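Review bot: In the `if let Ok(tmpdir)` branch the value of TMPDIR is pushed as given after only an `exists()` check, although the title says the path is resolved; on macOS TMPDIR is typically reported as `/var/folders/…/T/` while `/var` is a symlink into `/private/var`, so unless a later step canonicalizes it the new entry is not in the same form as the `/private/…` entries above it and a rule keyed on the real path may not match (the removed list mixed both forms, so whether the profile writer tolerates that cannot be told from this hunk). Canonicalizing here and requiring a directory would also keep a plain file or dangling symlink named by TMPDIR out of the allow-list: `if let Some(tmpdir) = std::env::var("TMPDIR").ok().and_then(|t| std::fs::canonicalize(t).ok()).filter(|p| p.is_dir()) { paths.push(tmpdir); }`. Because the variable comes from whatever environment launched the process, the read-write set now depends on it, which deserves stating next to the existing comment, e.g. `// Taken from the process environment; canonicalized so it matches the /private/... entries above and is known to be a directory.` Note that `canonicalize` drops the trailing slash macOS places on TMPDIR, which only matters if the profile writer treats a trailing slash specially.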