[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
From: |
Eli Zaretskii |
Subject: |
bug#37656: 27.0.50; Arbitrary code execution with special `mode:' |
Date: |
Wed, 16 Oct 2019 22:34:22 +0300 |
> Cc: Adam Plaice <plaiceadam@gmail.com>, 37656@debbugs.gnu.org,
> stefan@marxist.se
> From: Phil Sainty <psainty@orcon.net.nz>
> Date: Thu, 17 Oct 2019 08:09:04 +1300
>
> On 17/10/19 6:09 AM, Eli Zaretskii wrote:
> > I don't think that removing the feature will solve the more
> > general problem in this bug report.
>
>
> In particular it seems there is no point in removing the deprecated
> method of calling a minor mode using local variables because, after
> testing, the *approved* method of calling a minor mode via local
> variables causes the same behaviour. i.e.:
>
> -*- mode: emacs-lisp; eval:(flymake-mode 1); -*-
>
>
> So the deprecated approach isn't actually a factor here.
Right, thanks for confirming.
The question is: can we do something in core to prevent these
problems, or does the solution have to be in the individual minor
modes?
- bug#37656: 27.0.50; Opening file with specially crafted local variables can cause arbitrary code execution Inbox x, adam plaice, 2019/10/08
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', adam plaice, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Phil Sainty, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:',
Eli Zaretskii <=
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/15
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Phil Sainty, 2019/10/15
bug#37656: 27.0.50; Opening file with specially crafted local variables can cause arbitrary code execution Inbox x, Stefan Monnier, 2019/10/16