GNU bug report logs - #6953
24.0.50; serious security bug in create backup files


Package: emacs;

Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>

Date: Tue, 31 Aug 2010 06:13:02 UTC

Severity: important

Found in version 24.0.50

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.



Message #77 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Mark Diekhans <markd <at> soe.ucsc.edu>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 09:56:01 -0800

Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
> > When Emacs is forced into writing "~/%backup%~", it may expose protected
> > data to being read by others.
> 
> Regardless of what other problems there might be, such backups should
> probably go somewhere under ~/.emacs.d.

This makes a lot of sense, and makes it possible to redirect to
a different file system by setting user-emacs-directory.
However emacs doesn't protect ~/.emacs.d/ either when it
creates it.  This is also a security bug.  Even the names of
files being edited should not be made public, even if the
files are private.

Is there anything I can do to help?

Mark
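
Added example, not part of the original message and not Emacs's own code: a check for the condition described above, where a per-user directory's mode lets other accounts list file names, followed by tightening it to 0700. The function names and the temporary directory standing in for ~/.emacs.d are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile

def audit_private_dir(path):
    """Return findings for a directory that should be visible to its owner only."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at this path
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # Read on a directory exposes the names of its entries.
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file names listable by group/other")
    # Search (execute) on a directory lets others reach the entries themselves.
    if mode & (stat.S_IXGRP | stat.S_IXOTH):
        findings.append("entries reachable by group/other")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("entries can be created or removed by group/other")
    return findings

def make_private_dir(path):
    """Create path as 0700, or tighten it if it already exists."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, 0o700)  # an existing directory would otherwise keep its old mode

def demo():
    """Constructed stand-in for ~/.emacs.d created under a umask of 022."""
    root = tempfile.mkdtemp()
    try:
        d = os.path.join(root, "emacs.d")
        os.mkdir(d)
        os.chmod(d, 0o755)  # what mkdir yields under umask 022
        before = audit_private_dir(d)
        make_private_dir(d)
        after = audit_private_dir(d)
        return before, after
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```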




This bug report was last modified 14 years and 204 days ago.
