[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#17187: open-dribble-file stores pw

From: Stefan Monnier
Subject: bug#17187: open-dribble-file stores pw
Date: Sat, 05 Apr 2014 18:02:53 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)

>>> As suggested a decade ago,
>>> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html
>>> the dribble file should be created with file permission bits = 600.
>> Very much agreed.
> PS maybe it should also abort with an error if the file already exists
> (and is a symlink or is not owned by the current user?).

You mean it should be created with EXCL?
Maybe.  Then again, AFAIK this is only used for debugging purposes, so
I'm not sure it's that important and you could assume that the user will
normally specify a file in a directory she owns, where the attacker
shouldn't be able to place a surreptitious symlink.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]