[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#6953: 24.0.50; serious security bug in create backup files
From: |
markd |
Subject: |
bug#6953: 24.0.50; serious security bug in create backup files |
Date: |
Wed, 29 Sep 2010 07:25:31 -0700 |
Just to clarify, this is the fallback backup file, ~/%backup%~,
not backup files in general.
The current approach provides an very limited and arbitrary approach to
preventing data lose:
- there only one ~/%backup%~ so it's arbitrary from the users prospective
which buffer actually gets a fallback backup.
- these is no control over where this is saved, it may very well be
the file system were the primary backup file could not be created
due to lack of disk space.
My experience in over 20 years of using emacs, this has never
been of any value.
The down side of the current implementation is extremely
serious, potentially exposing private or sensitive data to all
users of the file system. In my case, exposing a mail box to
hundreds of users. I would argue that this is far more serious
a problem than the very limited data lose prevent provided
by the current implementation.
thanks much for how seriously this is being taken,
mark
Richard Stallman <rms@gnu.org> writes:
> > Do you mean, make no backup file at all.
>
> Yeah.
>
> To make no backup file seems like a gross insecurity to me.
,
- bug#6953: 24.0.50; serious security bug in create backup files, (continued)
- bug#6953: 24.0.50; serious security bug in create backup files, Stefan Monnier, 2010/09/09
- bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/09
- bug#6953: 24.0.50; serious security bug in create backup files, Eli Zaretskii, 2010/09/13
- bug#6953: 24.0.50; serious security bug in create backup files, Lennart Borgman, 2010/09/13
- bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/21
- bug#6953: 24.0.50; serious security bug in create backup files, Chong Yidong, 2010/09/25
- bug#6953: 24.0.50; serious security bug in create backup files, Richard Stallman, 2010/09/26
- bug#6953: 24.0.50; serious security bug in create backup files, Chong Yidong, 2010/09/28
- bug#6953: 24.0.50; serious security bug in create backup files, Richard Stallman, 2010/09/29
- bug#6953: 24.0.50; serious security bug in create backup files, Eli Zaretskii, 2010/09/29
- bug#6953: 24.0.50; serious security bug in create backup files,
markd <=