bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
From: Adam Plaice
Subject: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Date: Wed, 16 Oct 2019 23:02:29 +0200

> So the deprecated approach isn't actually a factor here.

FWIW bug#8613 included a discussion of adding an optional `:risky'
argument to define-minor-mode. If RISKY were absent (or nil) then the
relevant minor mode function would have its `safe-local-eval-function'
property set to t. (Why a `:risky' argument, rather than a `:safe'
one, would have been preferable is discussed in the bug.) In the end,
this was not implemented (and the alternative approach of treating
modes as a special case in `hack-one-local-variable-eval-safep' was
taken). It was decided to not be needed yet, as the case of an
unsafe minor mode was considered hypothetical.

> I think it goes further than just flymake support for Elisp: flymake
> support for other major modes may also end up running arbitrary code
> (tho it will depend on the specifics).

The advantage of being able to mark minor modes as "risky" would be
that it might help solve the issue for all flymake backends and for
any third-party minor modes which are unsafe, with minimal changes
needed for such backends/modes.

Adam