|
From: | Glenn Morris |
Subject: | bug#29182: CVE-2017-1000383: umask and backup files |
Date: | Mon, 06 Nov 2017 16:56:18 -0500 |
User-agent: | Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
Package: emacs Version: 25.3 Tags: security https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000383 GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. [I'm not sure why this apparently hasn't been reported here before now?]
[Prev in Thread] | Current Thread | [Next in Thread] |