[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-2017-14482 - Red Hat Customer Portal
From: |
Philipp Stephani |
Subject: |
Re: CVE-2017-14482 - Red Hat Customer Portal |
Date: |
Sun, 24 Sep 2017 07:13:55 +0000 |
Eli Zaretskii <eliz@gnu.org> schrieb am So., 24. Sep. 2017 um 04:54 Uhr:
> > From: Yuri Khan <yuri.v.khan@gmail.com>
> > Date: Sun, 24 Sep 2017 03:50:51 +0700
> > Cc: "help-gnu-emacs@gnu.org" <help-gnu-emacs@gnu.org>
> >
> > On Sun, Sep 24, 2017 at 12:34 AM, Eli Zaretskii <eliz@gnu.org> wrote:
> >
> > > Why are you visiting a file about which you know nothing at all?
> >
> > Why not? Opening a file in a text editor is not normally considered a
> > hazardous activity.
>
> A file whose source you don't trust or are unfamiliar with should
> initially be examined with find-file-literally, if your security is
> indeed important for you. That emulates what most other text editors
> do when you open a file.
>
>
That's an unrealistic requirement; nobody will ever do this. Emacs must
make sure to never run untrusted code when visiting a file, unless the user
explicitly asked for (via the enable-local-eval variable).
- Re: CVE-2017-14482 - Red Hat Customer Portal, (continued)
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal, Charles A. Roelli, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Óscar Fuentes, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Glenn Morris, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Yuri Khan, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal,
Philipp Stephani <=
- Re: CVE-2017-14482 - Red Hat Customer Portal, Robert Thorpe, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Stefan Monnier, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/29
- Message not available
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal, Glenn Morris, 2017/09/25
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/25
- RE: CVE-2017-14482 - Red Hat Customer Portal, Ludwig, Mark, 2017/09/25
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/26