You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
temporary-file-directory points to /tmp on a standard emacs installation. Opening any file in that directory with a known, non-randomized filename ("sync-recentf-marker") is a very bad idea... If the attacker can time operations and can create symlinks in /tmp, you can have random security issues.
I think you can simply change this to user-emacs-directory without losing anything.
The text was updated successfully, but these errors were encountered:
msin32
added a commit
to msin32/sync-recentf
that referenced
this issue
Jun 15, 2024
sync-recentf/sync-recentf.el
Line 64 in 0052561
temporary-file-directory
points to /tmp on a standard emacs installation. Opening any file in that directory with a known, non-randomized filename ("sync-recentf-marker") is a very bad idea... If the attacker can time operations and can create symlinks in /tmp, you can have random security issues.I think you can simply change this to
user-emacs-directory
without losing anything.The text was updated successfully, but these errors were encountered: