Dan Rosenberg discovered that the email helper in Emacs did not correctly check file permissions. A local attacker could perform a symlink race to read or append to another user"s mailbox if it was stored under a group-writable group-"mail" directory.