bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37656: 27.0.50; Arbitrary code execution with special `mode:'

From: Stefan Kangas
Subject: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Date: Wed, 16 Oct 2019 00:27:18 +0200 
adam plaice <plaice.adam+lists@gmail.com> writes:

> Since the bug allows an attacker to execute arbitrary code if the
> victim opens a payload file, and hence opening any file from an
> untrusted source becomes dangerous, it seems to be rather
> serious.

Thanks for raising this here.  I agree that this is serious, and we
should treat it accordingly.

The below patch seems to fix it by disabling the feature it exploits.

A workaround is to add this to your init file:
(setq enable-local-variables nil)

Best regards,
Stefan Kangas


diff --git a/lisp/files.el b/lisp/files.el
index 40807617fa..550227b21a 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -3068,7 +3068,7 @@ set-auto-mode
           (if (save-excursion (search-forward ":" end t))
               ;; Find all specifications for the `mode:' variable
               ;; and execute them left to right.
-          (while (let ((case-fold-search t))
+        (when (let ((case-fold-search t))
                        (or (and (looking-at "mode:")
                                 (goto-char (match-end 0)))
                            (re-search-forward "[ \t;]mode:" end t)))
reply via email to
[Prev in Thread] Current Thread [Next in Thread]