GNU bug report logs - #39563
default location of backup files

Previous Next

Package: emacs;

Reported by: Pedro Moreira <pedro.moreira <at> ipbeja.pt>

Date: Tue, 11 Feb 2020 14:42:04 UTC

Severity: normal

Tags: wontfix

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Dmitry Gutov <dgutov <at> yandex.ru>
To: Pedro Moreira <pedro.moreira <at> ipbeja.pt>, 39563 <at> debbugs.gnu.org
Subject: bug#39563: temp files
Date: Tue, 11 Feb 2020 17:15:10 +0200

On 11.02.2020 13:32, Pedro Moreira wrote:
> Therefore the code in that file is exposed. If an attacker tries to 
> access files like https://domain.com/index.php~ the server wont 
> interpret that file as php and presents it as plain text exposing the 
> source code.

Would it be better for the server to interpret it as PHP code and allow 
an arbitrary visitor to run whatever intermediary version of your code 
that's in the backup?

This bug report was last modified 3 years and 321 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #39563 default location of backup files

GNU bug report logs - #39563
default location of backup files