|
From: | Paul Eggert |
Subject: | Re: Avoiding arbitrary code execution with macroexpansion |
Date: | Thu, 16 Aug 2018 13:52:37 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 |
Wilfred Hughes wrote:
This means that I can get arbitrary code execution by you opening and calling code completion a maliciously crafted elisp file! Is this a security bug in Emacs?
Sounds like it. I suggest constructing a complete, self-contained and hopefully easy way to reproduce the problem with emacs -Q, and sending it in a bug report to address@hidden Thanks.
[Prev in Thread] | Current Thread | [Next in Thread] |