[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacsclient startup messages

From: Jim Porter
Subject: Re: emacsclient startup messages
Date: Sat, 6 Nov 2021 11:40:09 -0700

On 11/6/2021 4:35 AM, Pedro Andres Aranda Gutierrez wrote:
hmmm... from a user's perspective I really don't know what I gain by having emacs running as a daemon if I boot up my laptop to say watch a film or listen to a recording from my satellite PVR just for the fun of it.

This is roughly in line with how I use Emacs too: I start it up, I edit stuff, and then when I'm done (which may take anywhere from a few minutes to a few weeks), I close Emacs entirely.

However, for the issue of these startup messages, I think the main thing we need to do here is to figure out whether the XDG_RUNTIME_DIR warning is a legitimate warning (i.e. it's informing the user that they're vulnerable to a symlink attack), and then either a) fix the vulnerability or b) remove the warning if there's no vuln.

I'm not an expert on this sort of security analysis, so I can't really say for sure whether this is a real vulnerability. However, Paul Eggert's message[1] agrees it *is* insecure, so it should be fixed (somehow). The question then would be how to close the vulnerability while supporting the behavior that Gentoo would like (see Ulrich's messages).

- Jim

[1] https://lists.gnu.org/archive/html/bug-gnu-emacs/2021-10/msg02641.html

reply via email to

[Prev in Thread] Current Thread [Next in Thread]