[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24489: efaq: security risks
|
From: |
Glenn Morris |
|
Subject: |
bug#24489: efaq: security risks |
|
Date: |
Tue, 20 Sep 2016 18:48:06 -0400 |
|
User-agent: |
Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Package: emacs
Severity: minor
Tags: security
Version: 25.1
The (very crufty) Emacs FAQ contains a section:
"Are there any security risks in Emacs?"
The stuff about movemail and synthetic X events is archaic.
There is no mention of the more current problems:
1) installing a package runs arbitrary code
Better make sure you trust whoever gave you that package (gpg signing)
and how you got it (https), etc.
2) using an Emacs mail client to view HTML mail is a security risk if remote
content is fetched (I think it isn't by default, but this might not
apply to every client)
3) viewing remote HTML content (eg with eww or xwidgets) is likewise a
potential security risk.
- bug#24489: efaq: security risks,
Glenn Morris <=