emacs-devel

Re: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expan


From: Daniel Radetsky
Subject: Re: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion
Date: Tue, 26 Nov 2024 23:57:53 -0800

On Wed, Nov 27, 2024 at 08:02:35AM +0100, Eshel Yaron wrote:
> Hi all,
> 
> I've just published an advisory regarding an arbitrary code execution
> vulnerability in Emacs, which has been assigned CVE-2024-53920:
> 
> https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html

Slight correction: you wrote:

> In some Emacs “distributions”, such as the popular Doom
> Emacs and Prelude, either Flymake or Flycheck are enabled
> by default in ELisp mode.

This is not true of Doom, which I use. I had to modify my
init form (which is the same as the current default in this
respect) from

       :checkers
       syntax              ; tasing you for every semicolon you forget

to

       :checkers
       (syntax +flymake)              ; tasing you for every semicolon you forget

in order to get your rx poc to create /tmp/owned simply by
visiting the file. This is the only doom module which can
activate flymake.

Is the same true of flycheck? It's harder to tell, but I
think the answer is also no. In any case, while I didn't
intentionally test this on the literal default
configuration, I also never explicitly disabled flycheck and
it isn't running and I had to make the above-mentioned
change to get your poc to work.

--dmr
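
A defensive audit of the setting this message describes, as an added example that is not part of the original email or of Doom Emacs: it reads a Doom `init.el` and reports whether the `syntax` module under `:checkers` carries the `+flymake` flag. The sample `doom!` blocks are constructed around the two forms quoted above, the function names are hypothetical, and the parser assumes a flat `doom!` form with no strings containing `;` or parentheses.

```python
import re

# Constructed sample input: the default :checkers form quoted in the message,
# wrapped in a minimal doom! block (the surrounding modules are made up).
DEFAULT_INIT = """
(doom! :completion
       company
       :checkers
       syntax              ; tasing you for every semicolon you forget
       ;;(spell +flyspell)
       :lang
       emacs-lisp)
"""
# Same block with the modified form from the message.
FLYMAKE_INIT = DEFAULT_INIT.replace("syntax ", "(syntax +flymake) ", 1)


def module_flags(init_text, category=":checkers", module="syntax"):
    """Return the set of +flags on `module` under `category`, or None if absent."""
    code = re.sub(r";.*", "", init_text)        # drop comments (assumption: no ';' in strings)
    tokens = re.findall(r"[()]|[^\s()]+", code)
    if "doom!" not in tokens:
        return None
    i = tokens.index("doom!") + 1               # scan only inside the (doom! ...) form
    depth, current = 1, None
    while i < len(tokens) and depth > 0:
        tok = tokens[i]
        if tok == "(":
            depth += 1
            # A list directly inside doom! is a module written with flags.
            if depth == 2 and current == category and tokens[i + 1:i + 2] == [module]:
                flags, j = set(), i + 2
                while j < len(tokens) and tokens[j] != ")":
                    if tokens[j].startswith("+"):
                        flags.add(tokens[j])
                    j += 1
                return flags
        elif tok == ")":
            depth -= 1
        elif depth == 1 and tok.startswith(":"):
            current = tok                       # keyword starts a new category
        elif depth == 1 and current == category and tok == module:
            return set()                        # bare symbol: module enabled, no flags
        i += 1
    return None


def flymake_enabled(init_text):
    """True when the syntax checker module is configured with +flymake."""
    return "+flymake" in (module_flags(init_text) or set())
```
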


