|
From: | Phil Sainty |
Subject: | bug#31709: 27.0.50; Wishlist: Perhaps Emacs should load a file when getting a particular signal? |
Date: | Wed, 06 Jun 2018 05:05:54 +1200 |
User-agent: | Orcon Webmail |
On 2018-06-06 04:36, Phil Sainty wrote:
On 2018-06-06 04:24, Robert Pluim wrote:What if this hypothetical emacs was deliberately started without a server running, since it contains sensitive information? Starting a server when receiving a signal has now opened up access to that emacs where none existed before.Certainly -- if we *are* treating emacs servers in general as a securityrisk, then the concern seems valid.
Of course if the attacker can edit files in the user's ~/.emacs.d then there's already nothing to stop them from adding a custom [sigusr1] binding to the user's init file or some other loaded file in their config (or site-start.el or a core library if they had root), and enabling the behaviour we're discussing for the user's future emacs sessions (albeit in a way which might be more apparent to the user, depending on how they manage their config). -Phil
[Prev in Thread] | Current Thread | [Next in Thread] |