[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: emacsclient startup messages
|
From: |
Jim Porter |
|
Subject: |
Re: emacsclient startup messages |
|
Date: |
Sat, 6 Nov 2021 11:40:09 -0700 |
On 11/6/2021 4:35 AM, Pedro Andres Aranda Gutierrez wrote:
hmmm... from a user's perspective I really don't know what I gain by
having emacs running as a daemon if I boot up my laptop to say watch a
film or listen to a recording from my satellite PVR just for the fun of it.
This is roughly in line with how I use Emacs too: I start it up, I edit
stuff, and then when I'm done (which may take anywhere from a few
minutes to a few weeks), I close Emacs entirely.
However, for the issue of these startup messages, I think the main thing
we need to do here is to figure out whether the XDG_RUNTIME_DIR warning
is a legitimate warning (i.e. it's informing the user that they're
vulnerable to a symlink attack), and then either a) fix the
vulnerability or b) remove the warning if there's no vuln.
I'm not an expert on this sort of security analysis, so I can't really
say for sure whether this is a real vulnerability. However, Paul
Eggert's message[1] agrees it *is* insecure, so it should be fixed
(somehow). The question then would be how to close the vulnerability
while supporting the behavior that Gentoo would like (see Ulrich's
messages).
- Jim
[1] https://lists.gnu.org/archive/html/bug-gnu-emacs/2021-10/msg02641.html