Re: Emacs in a Corporate Environment

[Michael Albinus]

Marcin Borkowski <mbork@mbork.pl> writes:

Hi Marcin,

>> Hopefully, others will answer and/or help corroborate (or refine) my
>> answers.  Don't be embarrassed.  It's embarrassing that
>
> I guess some internet beast swallowed the rest of your letter, but
> I second the message that OP should /not/ be embarrassed.  Silly jokes
> aside, the question is a valid one.  In fact, there is one area I am
> a bit afraid of wrt Emacs & security, and if I may hijack the thread (a
> bit), let me ask this: if I edit remote files via TRAMP, can I be sure
> not even partial copy of data from the server ends up on my local drive,
> e.g. in /tmp?

You can be sure that a copy of your remote data end up in your local
drive in /tmp. Tramp is busy to clenaup after the operations, but there
is no guarantee that it will cover everything. And if somebody calls
`file-local-copy' of a remote file, this ends up in your /tmp by
intention of the caller.

> Also, one area one should be probably /very/ careful are packages which
> save "Emacs session" to disk.  If the "session" includes the kill ring,
> it may happen (/especially/ if one uses TRAMP to edit remote .env files
> and similar stuff) that some password ends up there, which could be
> a /very/ serious leakage.

I cannot speak about environment files, but Tramp is very careful about
passwords. It has delegated password handling completely to
auth-source.el, which manages all kind of passwords, locally or
remote. So passwords is not an exclusive Tramp problem.

> Best,

Best regards, Michael.