bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
From: Phil Sainty
Subject: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Date: Thu, 17 Oct 2019 08:09:04 +1300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0

> > -*- mode: emacs-lisp; mode: flymake -*-
> > This relies on the "deprecated" feature of allowing `mode: '
> > to be repeated more than once, to also specify minor modes.
> > Just having: -*- mode: flymake -*- [...] would not trigger
> > the security bug.

On 17/10/19 6:09 AM, Eli Zaretskii wrote:
> I don't think that removing the feature will solve the more
> general problem in this bug report.

In particular it seems there is no point in removing the deprecated
method of calling a minor mode using local variables because, after
testing, the *approved* method of calling a minor mode via local
variables causes the same behaviour. i.e.:

-*- mode: emacs-lisp; eval:(flymake-mode 1); -*-

So the deprecated approach isn't actually a factor here.

-Phil
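
A triage check covering both forms discussed in this message, as an added example (not part of the original e-mail and not Emacs code): it parses a first-line `-*- ... -*-` cookie without opening the file in Emacs and reports minor modes requested either by a repeated `mode:` or by an `eval:` call to a `*-mode` function. The function names are hypothetical, the sample lines are the ones quoted in this thread, and the end-of-file `Local Variables:` block is not handled.

```python
import re

# First-line cookie: -*- key: value; key: value -*-
COOKIE_RE = re.compile(r"-\*-(.*?)-\*-")
# An eval value that is one call to a function named *-mode, e.g. (flymake-mode 1)
EVAL_MODE_RE = re.compile(r"^\(\s*([^\s()]+)-mode(?=[\s)])[^()]*\)$")


def parse_cookie(line):
    """Return the (key, value) pairs of a -*- ... -*- cookie, in file order."""
    m = COOKIE_RE.search(line)
    if not m:
        return []
    body = m.group(1).strip()
    if body and ":" not in body:
        return [("mode", body)]  # shorthand: -*- NAME -*- means mode: NAME
    pairs = []
    # Simplification (assumption): a ';' inside an eval string would split wrongly.
    for item in body.split(";"):
        key, sep, value = item.partition(":")
        if sep and key.strip():
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def minor_mode_requests(line):
    """Report (form, mode) for every mode requested beyond the first `mode:`."""
    findings = []
    seen_mode = False
    for key, value in parse_cookie(line):
        if key == "mode":
            if seen_mode:  # deprecated form: a repeated mode: names a minor mode
                findings.append(("repeated-mode", value))
            seen_mode = True
        elif key == "eval":
            m = EVAL_MODE_RE.match(value)
            if m:  # the eval: spelling of the same request
                findings.append(("eval", m.group(1)))
    return findings


if __name__ == "__main__":
    # Sample lines copied from the thread above.
    for sample in ("-*- mode: emacs-lisp; mode: flymake -*-",
                   "-*- mode: emacs-lisp; eval:(flymake-mode 1); -*-",
                   "-*- mode: flymake -*-"):
        print(sample, "->", minor_mode_requests(sample))
```
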