Re: address@hidden: Emacs security bug]
From: Eli Zaretskii
Subject: Re: address@hidden: Emacs security bug]
Date: Sat, 10 May 2008 18:16:55 +0300

> From: Chong Yidong <address@hidden>
> Cc: Eli Zaretskii <address@hidden>, address@hidden
> Date: Sat, 10 May 2008 10:50:17 -0400
>
> Eli Zaretskii <address@hidden> writes:
>
> > From: "Morten Welinder" <address@hidden>
> >
> > 1. Create .emacs with contents
> > (global-font-lock-mode t)
> > (setq font-lock-support-mode 'fast-lock-mode)
> >
> > 2. Create foo.c with contents /* Nothing to see here */
> >
> > 3. Create foo.c.flc with contents (message "Something to see here!")
> >
> > 4. Start Emacs and load foo.c
> >
> > --> Observe that code from foo.c.flc is run. Not good.
> > (This is with Emacs 21.3.1; XEmacs is also affected, although step 1
> > needs to be adjusted.)
> >
> > Suggestions:
> >
> > a. Remove "." from fast-lock-cache-directories. Littering little
> > files everywhere is not a good idea anyway.
> >
> > b. Don't use load to handle the .flc file. Instead read it into a
> > buffer and read one s-expression at a time and verify that it is sane
> > before evaluating it.
>
> Simon, could you take a look at this (you're listed as the author of
> fast-lock.el)?
Please keep Morten on the CC list of this thread. I don't want to
have to forward messages back and forth forever.
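
One way to implement suggestion (b) from the quoted report, as an added Emacs Lisp example that is not part of the original thread or of fast-lock.el: the cache file is parsed with `read` and checked against an expected shape, and is never passed to `load` or `eval`. The `my-cache-` names, the version number and the cache layout are assumptions made for illustration.

```elisp
;;; Added example; not code from fast-lock.el or from this thread.
;;; Assumption: a cache file holds exactly one form of the hypothetical shape
;;;   (my-cache-data VERSION ((START END FACE) ...))
(require 'cl-lib)

(defconst my-cache-version 1
  "Hypothetical cache format version accepted by this reader.")

(defun my-cache--valid-entry-p (entry)
  "Return non-nil if ENTRY is a proper list (START END FACE) of plain data."
  (and (consp entry)
       (ignore-errors (= (length entry) 3)) ; dotted lists signal, so reject
       (natnump (nth 0 entry))
       (natnump (nth 1 entry))
       (<= (nth 0 entry) (nth 1 entry))
       (symbolp (nth 2 entry))))

(defun my-cache--valid-form-p (form)
  "Return non-nil if FORM has the expected tag, version and entry list."
  (and (consp form)
       (ignore-errors (= (length form) 3))
       (eq (car form) 'my-cache-data)
       (eql (nth 1 form) my-cache-version)
       (listp (nth 2 form))
       (ignore-errors (cl-every #'my-cache--valid-entry-p (nth 2 form)))))

(defun my-cache-read-file (file)
  "Return the validated form read from FILE, or nil if FILE is not sane.
The file is parsed with `read' only; nothing in it is passed to `eval'
or `load'."
  (with-temp-buffer
    (insert-file-contents-literally file)
    (goto-char (point-min))
    (let* ((read-circle nil)   ; do not build circular structure from #N= / #N#
           (form (ignore-errors (read (current-buffer)))))
      (skip-chars-forward " \t\r\n")
      (and (eobp)              ; exactly one form, no trailing data
           (my-cache--valid-form-p form)
           form))))
```

Given the foo.c.flc from step 3 of the report, `my-cache-read-file` returns nil: the form `(message "Something to see here!")` is read as data, fails the tag and length checks, and is discarded without being run.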