GNU bug report logs - #39563
default location of backup files


Package: emacs

Reported by: Pedro Moreira <pedro.moreira <at> ipbeja.pt>

Date: Tue, 11 Feb 2020 14:42:04 UTC

Severity: normal

Tags: wontfix

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.



Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Pedro Moreira <pedro.moreira <at> ipbeja.pt>
To: bug-gnu-emacs <at> gnu.org
Subject: temp files
Date: Tue, 11 Feb 2020 11:32:56 +0000

Hello!

If a user edits a php file using emacs directly at the webserver, emacs 
automatically saves a temp file at the same location; for example, the 
user opens index.php and emacs stores a copy, index.php~.

Therefore the code in that file is exposed. If an attacker tries to 
access files like https://domain.com/index.php~, the server won't 
interpret that file as php and presents it as plain text, exposing the 
source code.

I know this could be resolved with webserver configuration. But it is a 
problem I just discovered and it leaves me very uncomfortable using emacs.

Maybe it would be better if the temp file were stored like index~.php or 
index.bck.php.

Thanks
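
An audit for the exposure described in the report, as an added example that is not part of the original message or of Emacs: it walks a web document root and lists files that follow the Emacs backup (`name~`), auto-save (`#name#`) and lock (`.#name`) naming, which goes beyond the single `index.php~` case in the report. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile


# Emacs file-name conventions: "name~" (backup, including numbered "name.~1~"),
# "#name#" (auto-save) and ".#name" (lock file, normally a symlink).
def classify(filename):
    """Return the kind of Emacs artifact a file name indicates, or None."""
    if filename.startswith(".#"):
        return "lock"
    if len(filename) > 2 and filename.startswith("#") and filename.endswith("#"):
        return "auto-save"
    if len(filename) > 1 and filename.endswith("~"):
        return "backup"
    return None


def find_editor_artifacts(docroot):
    """Walk docroot and return sorted (relative_path, kind) pairs."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(docroot):
        for name in filenames:
            kind = classify(name)
            if kind:
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                hits.append((rel.replace(os.sep, "/"), kind))
    return sorted(hits)


def build_sample_docroot(root):
    """Constructed sample tree: a small PHP site with leftover editor files."""
    for rel in ("index.php", "index.php~", "admin/config.php",
                "admin/config.php.~1~", "admin/#config.php#", "css/site.css"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")


def demo():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return find_editor_artifacts(root)


if __name__ == "__main__":
    for rel, kind in demo():
        print(f"{kind:10} {rel}")
```

Any path it reports is one the web server may return as plain text unless the server configuration denies it.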





This bug report was last modified 3 years and 322 days ago.
