--- Begin Message ---
Subject: |
Re: [oss-security] Security flaw in GNU Emacs file-local variables |
Date: |
Sun, 12 Aug 2012 23:42:36 -0600 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/12/2012 09:22 PM, Chong Yidong wrote:
> Paul Ling has found a security flaw in the file-local variables
> code in GNU Emacs. We are preparing a new Emacs release to address
> this flaw, and would like to request a CVE.
>
> When the Emacs user option `enable-local-variables' is set to
> `:safe' (the default value is t), Emacs should automatically refuse
> to evaluate `eval' forms in file-local variable sections. Due to
> the bug, Emacs instead automatically evaluates such `eval' forms.
> Thus, if the user changes the value of `enable-local-variables' to
> `:safe', visiting a malicious file can cause automatic execution of
> arbitrary Emacs Lisp code with the permissions of the user.
>
> The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.
>
> Attached are patches to fix this bug for Emacs 23.4 and Emacs
> 24.1, written by Glenn Morris. (The 23.4 patch should apply to the
> rest of the Emacs 23.x series.)
>
> Bug tracker ref:
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
Please use CVE-2012-3479 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJQKJPMAAoJEBYNRVNeJnmTfa8QAMp9laqz/ihbWisZWmHk5kkQ
1afhhPxgSOauIPnuc2myWIP53lu8buJOgXOCo1Tl6fvfjMGu8zWJ3gr3xnqRyYjr
m1EbiUZtrqdlyukvkReU08CVWmW8lXkn6W3znc3S6JQNq+eRxgBXMvcbAtNnJzKA
ri6ApmMIqKZkbV9p8hqyHeNcdCdfi4nrjBr4vff6UX4SM1hqe05P6DOa8FCoRDIj
Wt81d3zUenGwuVyFaRknuqw0dwQ6svwjCpcpsZnEiwjPZG+8IDlo8aCrvuThKh+x
DTcD3Lt8Vr7+6QhAf7a20PDwJvM1KcinkHDQ1qE6ZvmxcdTJmoY0R+2wZqdnX2UZ
f7mlqS8GPxH4V173ypz98eM0IhI/E4ZXSlTHg0vThq33QJ9NNjQ0OuDJhM5fuikF
vY/s2n2TymrEAIjP6CMwZjZfSe56SzcJadR3Pq56H7RD+zSJYJmfasWbK56acjHA
qE5xxvunO7UZPMAsYqUMGIqVCv5EsiDmmoFF/Xtlk98/at8AWfKNt27IGqPU+io3
ShpGjDcptN8yitOPaPcEaAim6ndfObL4LlLozNv85M71oJ7tcDGiVBPaPRIjB0AJ
bXpunXMcEigQlazVy/T4CIv7r2P2ZR64at16t0LKiR4XiTL016rjUkhSuHdPSdU3
FS+YTLukIBYRDIFbbJss
=jFS2
-----END PGP SIGNATURE-----
--- End Message ---