bug#6953: 24.0.50; serious security bug in create backup files

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#6953: 24.0.50; serious security bug in create backup files

From:	markd
Subject:	bug#6953: 24.0.50; serious security bug in create backup files
Date:	Wed, 29 Sep 2010 07:25:31 -0700

Just to clarify, this is the fallback backup file, ~/%backup%~,
not backup files in general.

The current approach provides an very limited and arbitrary approach to 
preventing data lose:

  - there only one ~/%backup%~ so it's arbitrary from the users prospective
    which buffer actually gets a fallback backup.

  - these is no control over where this is saved, it may very well be
    the file system were the primary backup file could not be created
    due to lack of disk space.

My experience in over 20 years of using emacs, this has never
been of any value.

The down side of the current implementation is extremely
serious, potentially exposing private or sensitive data to all
users of the file system.  In my case, exposing a mail box to
hundreds of users.  I would argue that this is far more serious
a problem than the very limited data lose prevent provided
by the current implementation.

thanks much for how seriously this is being taken,
mark

Richard Stallman <rms@gnu.org> writes:
>     > Do you mean, make no backup file at all.
> 
>     Yeah.
> 
> To make no backup file seems like a gross insecurity to me.

,

[Prev in Thread]

Current Thread

[Next in Thread]

bug#6953: 24.0.50; serious security bug in create backup files, (continued)

Prev by Date: bug#6953: 24.0.50; serious security bug in create backup files
Next by Date: bug#6963: More usecases, patch attached
Previous by thread: bug#6953: 24.0.50; serious security bug in create backup files
Next by thread: bug#6948: 23.1; incorrect documentation for desktop-save-mode
Index(es):
- Date
- Thread