bug#63063: CVE-2021-36699 report
From: Richard Stallman
Subject: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 21:28:51 -0400

[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> > In either case, this is not a security vulnerability: if you can make
> > the user load malformed dump files, you can make him load nefarious
> > executables as well.

> That's not necessarily true. The malformed pdumper file could be
> placed where Emacs usually finds it. IOW, the perpetrator could
> overwrite the pdumper file that Emacs loads when it starts.

If the pdumper file is writable by you, you could mess it up in all
sorts of ways. You wouldn't need this feature -- you could do it with
truncate, or cat. So I think it is incorrect to describe this feature
as being a security problem.

--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)