|
From: | Ulrich Mueller |
Subject: | bug#51327: 28.0.60; emacsclient warns about XDG_RUNTIME_DIR when starting daemon on demand |
Date: | Fri, 05 Nov 2021 19:05:17 +0100 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Can someone please explain to me how an exploit on the _client_ side would look like? When starting the server, I can believe that there may be some surface for a symlink attack. But once the daemon is running? What is the security issue for the client checking TMPDIR?
[Prev in Thread] | Current Thread | [Next in Thread] |