[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2017-14482 - Red Hat Customer Portal

From: Emanuel Berg
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Tue, 26 Sep 2017 00:02:44 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux)

Glenn Morris wrote:

> Wow. I find this an extraordinary statement.
> For example, it means that "emacs [-Q]
> somefile" could eg happily delete your home
> directory. Please reconsider.

On Unix systems we like to say everything is
a file [1].

The first thing you do when you don't
understand something is to have a glance under
the hood which translates to reviewing one or
more files.

This is such everyday-behavior I never even
considered it could cause the kind of damage
you describe. If indeed it can, this should be
the exception and the default behavior should
not allow it.

[1] "For example, let's say you want to find
     information about your CPU. The /proc
     directory contains a special file –
     /proc/cpuinfo – that contains
     this information.

     You don't need a special command that
     tells you your CPU info – you can just
     read the contents of this file using any
     standard command that works with
     plain-text files. For example, you could
     use the command cat /proc/cpuinfo to print
     this file's contents to the terminal –
     printing your CPU information to
     the terminal.

     You could even open /proc/cpuinfo in
     a text editor to view its contents."

underground experts united

reply via email to

[Prev in Thread] Current Thread [Next in Thread]