From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 20:59:16 +0800
Message-ID: <875y9kce3f.fsf@yahoo.com>
In-Reply-To: <83zg6wuo0u.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 25 Apr 2023 15:47:29 +0300")
To: Eli Zaretskii
Cc: 63063@debbugs.gnu.org, fuo@fuo.fi
Reply-To: Po Lu

Eli Zaretskii writes:

> How do you "easily" figure out the offset from some arbitrary data
> address to the current stack pointer, and do that in advance,
> i.e. before the target program even runs?

The reason I put ``easy'' in quotes was because it's ``easy'' in the
eyes of the people running the CVE registry.  To them, any kind of bug
(or perhaps even intended crash) is a security problem.

> The pdumper file is data, not code.  It is loaded into the data
> segment.  And executable code segments are usually write-protected.

Only some kinds of CPU make the distinction between executable and
readable pages.

> I don't think this is relevant.  But based on what the code does, I
> don't see why this should be considered a security issue.

It's not, indeed.  The glaringly obvious reason being that only the site
administrator, or the user himself, can replace the dump file with
something else.
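The closing argument rests on a trust boundary: nobody but the site administrator or the user can swap the dump file out. The check below is an added example (not Emacs code, not part of the thread) that audits that boundary by walking a dump file's path below a vetted install prefix and reporting any component a less trusted account could modify; the `libexec/emacs/emacs.pdmp` layout in the demo is a constructed stand-in, not a real installation.

```python
import os
import stat
import tempfile
from pathlib import Path


def untrusted_writers(dump_file, trusted_root, trusted_uids=None):
    """Return the path components of DUMP_FILE below TRUSTED_ROOT that an
    account other than root or the current user could modify.  An empty
    list means only the administrator or the user can replace the dump
    file, which is the boundary the message above relies on.  The prefix
    TRUSTED_ROOT itself is assumed to be vetted already and is not checked."""
    trusted = set(trusted_uids if trusted_uids is not None else (0, os.getuid()))
    target = Path(dump_file).resolve()   # follow symlinks: a replaced link counts too
    root = Path(trusted_root).resolve()
    if root not in target.parents:
        raise ValueError(f"{target} is not below {root}")
    findings = []
    for part in (target, *target.parents):
        if part == root:
            break
        st = part.lstat()
        if st.st_uid not in trusted:
            findings.append(f"{part}: owned by untrusted uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{part}: writable by group/others (mode {mode:04o})")
    return findings


def demo():
    """Constructed scenario: a throwaway prefix holding libexec/emacs/emacs.pdmp,
    first left world-writable, then corrected to 0644.  Returns both audits."""
    with tempfile.TemporaryDirectory() as prefix:
        dump_dir = Path(prefix, "libexec", "emacs")
        dump_dir.mkdir(parents=True)
        for d in (dump_dir, dump_dir.parent):
            os.chmod(d, 0o755)           # pin directory modes regardless of umask
        dump = dump_dir / "emacs.pdmp"
        dump.write_bytes(b"constructed dump contents")  # not a real pdumper image
        os.chmod(dump, 0o666)
        before = untrusted_writers(dump, prefix)
        os.chmod(dump, 0o644)
        after = untrusted_writers(dump, prefix)
    return before, after


if __name__ == "__main__":
    for label, result in zip(("world-writable", "fixed"), demo()):
        print(label, "->", result or "only root/owner can replace the dump file")
```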