GNU bug report logs - #51327
28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand

Previous Next

Package: emacs;

Reported by: Jim Porter <jporterbugs <at> gmail.com>

Date: Fri, 22 Oct 2021 04:59:02 UTC

Severity: normal

Tags: security

Found in version 28.0.60

Full log

Message #22 received at 51327 <at> debbugs.gnu.org (full text, mbox):

From: Ulrich Mueller <ulm <at> gentoo.org>
To: Jim Porter <jporterbugs <at> gmail.com>
Cc: 51327 <at> debbugs.gnu.org
Subject: Re: bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR
 when starting daemon on demand
Date: Fri, 05 Nov 2021 19:05:17 +0100

Can someone please explain to me how an exploit on the _client_ side
would look like?

When starting the server, I can believe that there may be some surface
for a symlink attack. But once the daemon is running? What is the
security issue for the client checking TMPDIR?

This bug report was last modified 2 years and 284 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #51327 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand

GNU bug report logs - #51327
28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on-demand