[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
From: |
Eli Zaretskii |
Subject: |
bug#37656: 27.0.50; Arbitrary code execution with special `mode:' |
Date: |
Wed, 16 Oct 2019 10:57:03 +0300 |
> From: Adam Plaice <plaiceadam@gmail.com>
> Date: Wed, 16 Oct 2019 02:35:58 +0200
> Cc: 37656@debbugs.gnu.org, Emacs developers <emacs-devel@gnu.org>
>
> Unfortunately, I've realised that a similar problem can be introduced
> with directory variables.
Indeed, and I expect the same problem to pop up in other places.
Which is why I think the problem should be solved in those modes which
allow execution of arbitrary code via file-local variables without any
security precautions or other limitations, at least under user
control.
> (Should I file separate bug for this as it's closely related but not
> quite the same?)
No, it's the same problem, and I don't like the proposed solution for
the reasons explained above. I think we need a different solution.
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', (continued)
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Phil Sainty, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:',
Eli Zaretskii <=
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Phil Sainty, 2019/10/15
bug#37656: 27.0.50; Opening file with specially crafted local variables can cause arbitrary code execution Inbox x, Stefan Monnier, 2019/10/16