[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#6953: 24.0.50; serious security bug in create backup files

From: markd
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 2 Sep 2010 00:05:30 -0700

Hi Glenn

Glenn Morris <address@hidden> writes:
> I don't think it is necessary for this to be configurable because it
> is just a fallback in case of error. Eg you can customize
> backup-directory-alist to control where backups normally go.

Not necessary, but useful if you have something like a very
small amount of space on the home file system or to put it in a
protected directory.  Also, it's just emacs-like to have all of
this stuff in variable.

I am still concerned about the window you mention in this fix.
IMHO, it's much worse to reveal sensitive data that to just lose
changes to it.  There should at least be an option to completely
disable the ~/%backup%~ functionality.

Oh, wait, it doesn't look like there is a problem with your patch,
only the comment ;-)   backup-buffer-copy says:

          ;; Create temp files with strict access rights.  It's easy to
          ;; loosen them later, whereas it's impossible to close the
          ;; time-window of loose permissions otherwise.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]