[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2017-14482 - Red Hat Customer Portal

From: Robert Thorpe
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sun, 24 Sep 2017 19:29:17 +0100

Philipp Stephani <> writes:

> Eli Zaretskii <> schrieb am So., 24. Sep. 2017 um 04:54 Uhr:
>> > From: Yuri Khan <>
>> > Date: Sun, 24 Sep 2017 03:50:51 +0700
>> > Cc: "" <>
>> >
>> > On Sun, Sep 24, 2017 at 12:34 AM, Eli Zaretskii <> wrote:
>> >
>> > > Why are you visiting a file about which you know nothing at all?
>> >
>> > Why not? Opening a file in a text editor is not normally considered a
>> > hazardous activity.
>> A file whose source you don't trust or are unfamiliar with should
>> initially be examined with find-file-literally, if your security is
>> indeed important for you.  That emulates what most other text editors
>> do when you open a file.
> That's an unrealistic requirement; nobody will ever do this. Emacs must
> make sure to never run untrusted code when visiting a file, unless the user
> explicitly asked for (via the enable-local-eval variable).

I think it would be very useful if Emacs had a concept of trusted-zones.

So, a person could declare their main local partition to be trusted.  Or
they could declare it to be trusted except for the browser cache (for

They could declare a lower degree of trust for some directories or

Robert Thorpe

reply via email to

[Prev in Thread] Current Thread [Next in Thread]