Phil Sainty <psainty@orcon.net.nz> writes:
In fact if you normally run emacs as a server you're opening up the
same security risk, no? An attacker who could send a signal to an
emacs process can also run emacsclient to access an existing server;
and I don't think we consider the practice of running an emacs server
to be a terrible security risk.
What if this hypothetical emacs was deliberately started without a
server running, since it contains sensitive information? Starting a
server when receiving a signal has now opened up access to that emacs
where none existed before.