bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#6953: 24.0.50; serious security bug in create backup files


From: Mark Diekhans
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 09:56:01 -0800

Stefan Monnier <monnier@iro.umontreal.ca> writes:
> > When Emacs is forced into writing "~/%backup%~", it may expose protected
> > data to being read by others.
> 
> Regardless of what other problems there might be, such backups should
> probably go somewhere under ~/.emacs.d.

This makes a lot of sense, and makes it possible to redirect to
a different file system by setting user-emacs-directory.
However emacs doesn't protect ~/.emacs.d/ either if it when it
creates it.  This is also a security bug.  Even the names of
files being edit should not be made public, even if the
files are private.

Is there anything I can do to help?

Mark





reply via email to

[Prev in Thread] Current Thread [Next in Thread]