From: Kevin B. <kb...@gm...> - 2003-07-19 21:13:02
Attachments:
tempfiles.patch
|
Hi, when processing a message mailcrypt creates tempfiles which hold some gpg output. If they are placed in a public accessible directory (e.g. /tmp) and umask is set unrestrictive they are world readable in the worst case. Although they contain no sensetive data and normaly only exist for a short time this is maybe not what we want. The attached patch sets the permissions for the files to 0600. The patch also replaces the function (make-temp-name) by the (according to the function docstrings) more secure (make-temp-file). The patch only addresses to mc-gpg.el maybe one should also have a look at mc-pgp*. I'll be off for some weeks on holiday. :-) See you, Kevin |