when processing a message mailcrypt creates tempfiles which hold some
gpg output. If they are placed in a public accessible directory
(e.g. /tmp) and umask is set unrestrictive they are world readable in the
worst case. Although they contain no sensetive data and normaly only
exist for a short time this is maybe not what we want. The attached
patch sets the permissions for the files to 0600.
The patch also replaces the function (make-temp-name) by the (according
to the function docstrings) more secure (make-temp-file).
The patch only addresses to mc-gpg.el maybe one should also have a look
I'll be off for some weeks on holiday. :-)
Get latest updates about Open Source Projects, Conferences and News.