[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#6953: 24.0.50; serious security bug in create backup files
From: |
Mark Diekhans |
Subject: |
bug#6953: 24.0.50; serious security bug in create backup files |
Date: |
Wed, 12 Jan 2011 09:56:01 -0800 |
Stefan Monnier <monnier@iro.umontreal.ca> writes:
> > When Emacs is forced into writing "~/%backup%~", it may expose protected
> > data to being read by others.
>
> Regardless of what other problems there might be, such backups should
> probably go somewhere under ~/.emacs.d.
This makes a lot of sense, and makes it possible to redirect to
a different file system by setting user-emacs-directory.
However emacs doesn't protect ~/.emacs.d/ either if it when it
creates it. This is also a security bug. Even the names of
files being edit should not be made public, even if the
files are private.
Is there anything I can do to help?
Mark