[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2017-14482 - Red Hat Customer Portal

From: Eli Zaretskii
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Fri, 29 Sep 2017 10:11:29 +0300

> From: Philipp Stephani <>
> Date: Sun, 24 Sep 2017 07:13:55 +0000
>  A file whose source you don't trust or are unfamiliar with should
>  initially be examined with find-file-literally, if your security is
>  indeed important for you. That emulates what most other text editors
>  do when you open a file.
> That's an unrealistic requirement; nobody will ever do this.

If you care about your security, you will.  Nowadays, no text file
should be considered safe, if you don't know or don't trust its origin.

> Emacs must make sure to never run untrusted
> code when visiting a file, unless the user explicitly asked for (via the 
> enable-local-eval variable). 

Emacs does.  But since this is done by humans, sometimes errors creep
in, and in this case the error took many years to be uncovered.  Which
is why taking local precautions is always a good idea.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]