GNU bug report logs - #29182
CVE-2017-1000383: umask and backup files

Previous Next

Package: emacs;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Mon, 6 Nov 2017 21:57:02 UTC

Severity: normal

Tags: notabug, security, wontfix

Found in version 25.3

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

Message #27 received at 29182 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Kangas <stefan <at> marxist.se>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 29182 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>
Subject: Re: bug#29182: CVE-2017-1000383: umask and backup files
Date: Tue, 8 Oct 2019 11:24:55 +0200

Glenn Morris <rgm <at> gnu.org> writes:

> It is a silly CVE, but IMO backups belong by default in a private
> subdirectory of user-emacs-directory (user-data-directory if such a
> thing existed).

That's what I do, personally.  But it's not unproblematic to do that
by default, in my opinion.  What if I'm editing a file on an encrypted
filesystem, thinking that it's safe there, and Emacs silently saves a
copy of said file in my home directory on an unencrypted file system?

Best regards,
Stefan Kangas

This bug report was last modified 4 years and 347 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #29182 CVE-2017-1000383: umask and backup files

GNU bug report logs - #29182
CVE-2017-1000383: umask and backup files