[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2017-14482 - Red Hat Customer Portal

From: Eli Zaretskii
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Fri, 29 Sep 2017 12:48:39 +0300

> From: Glenn Morris <>
> Cc:
> Date: Mon, 25 Sep 2017 17:26:45 -0400
> Eli Zaretskii wrote:
> > A file whose source you don't trust or are unfamiliar with should
> > initially be examined with find-file-literally, if your security is
> > indeed important for you.  That emulates what most other text editors
> > do when you open a file.
> Wow. I find this an extraordinary statement. For example, it means
> that "emacs [-Q] somefile" could eg happily delete your home directory.

Unless you trust Emacs to have absolutely zero exploitable
vulnerabilities, including those not yet revealed, sure it could.
Although not "happily", which seems to be uncalled for.

And why is "-Q" part of this, anyway?  The use case under
consideration is precisely that the user nonchalantly visits a file
from their _normal_ Emacs session.  Using -Q already assumes some
unusual care, in which case find-file-literally is a more logical

> Please reconsider.

I don't see why I should.  You seem to be misinterpreting what I wrote
in some strange direction, if what I wrote really bothers you.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]