GNU bug report logs - #24489 efaq: security risks
Reported by: Glenn Morris <rgm <at> gnu.org>
Date: Tue, 20 Sep 2016 22:49:02 UTC
Severity: minor
Tags: security
Found in version 25.1
Fixed in version 29.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Message #3 received at submit <at> debbugs.gnu.org (full text, mbox):
Package: emacs
Severity: minor
Tags: security
Version: 25.1
The (very crufty) Emacs FAQ contains a section:
"Are there any security risks in Emacs?"
The stuff about movemail and synthetic X events is archaic.
There is no mention of the more current problems:
1) installing a package runs arbitrary code
Better make sure you trust whoever gave you that package (gpg signing)
and how you got it (https), etc.
2) using an Emacs mail client to view HTML mail is a security risk if remote
content is fetched (I think it isn't by default, but this might not
apply to every client)
3) viewing remote HTML content (e.g. with eww or xwidgets) is likewise a
potential security risk.
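
One way to check a running session against items 1 and 2 of the report, as an added example that is not part of the bug report or of Emacs itself. The `efaq-audit-` names and the sample archive list are hypothetical; the options read (`package-archives`, `package-check-signature`, `gnus-blocked-images`) are standard Emacs variables, and Gnus stands in for "an Emacs mail client".

```elisp
;;; efaq-audit.el --- added example  -*- lexical-binding: t -*-
;; Hypothetical helper names; only the options they read are real.
(require 'package)
(require 'seq)

(defconst efaq-audit-sample-archives
  ;; Constructed sample input, shaped like `package-archives'.
  '(("example-a" . "http://elpa.example.org/packages/")
    ("example-b" . "https://elpa.example.org/packages/")
    ("local"     . "/srv/elpa/"))
  "Constructed archive alist for trying `efaq-audit-http-archives'.")

(defun efaq-audit-http-archives (archives)
  "Return the names in ARCHIVES whose location is fetched over plain http.
ARCHIVES is an alist shaped like `package-archives'.  Local directory
entries are not flagged, since nothing crosses the network for them."
  (mapcar #'car
          (seq-filter (lambda (entry)
                        (string-prefix-p "http://" (cdr entry) t))
                      archives)))

(defun efaq-audit-findings ()
  "Return a list of strings, one per risky setting in this session."
  (let (findings)
    ;; Item 1, "how you got it": archives reached without TLS.
    (dolist (name (efaq-audit-http-archives package-archives))
      (push (format "archive %s is fetched over http, not https" name)
            findings))
    ;; Item 1, "whoever gave you that package": only t and `all' make
    ;; package.el refuse a package that has no valid signature.
    (unless (memq package-check-signature '(t all))
      (push (format "package-check-signature is %S: unsigned packages install"
                    package-check-signature)
            findings))
    ;; Item 2: remote content in HTML mail.  A nil value blocks nothing.
    ;; Other mail clients have their own options and are not covered here.
    (when (and (boundp 'gnus-blocked-images) (null gnus-blocked-images))
      (push "gnus-blocked-images is nil: HTML mail may fetch remote images"
            findings))
    (nreverse findings)))

;; Try the archive check on the constructed sample, then audit the session:
;; (efaq-audit-http-archives efaq-audit-sample-archives)
;; (efaq-audit-findings)
```

An empty list from `efaq-audit-findings` only means these three settings are not in their permissive state; a signed package fetched over https still runs arbitrary code when installed.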
This bug report was last modified 3 years and 191 days ago.