From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 21:18:20 +0800
Message-ID: <87wn20ayn7.fsf@yahoo.com>
To: Eli Zaretskii
Cc: 63063@debbugs.gnu.org, fuo@fuo.fi
In-Reply-To: <83wn20un4u.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 25 Apr 2023 16:06:41 +0300")

Eli Zaretskii writes:

> I think this depends on the OS, not only the CPU?

That too.

>> > I don't think this is relevant.  But based on what the code does, I
>> > don't see why this should be considered a security issue.
>>
>> It's not, indeed.
>>
>> The glaringly obvious reason being that only the site administrator, or
>> the user himself, can replace the dump file with something else.
>
> I'm not sure I agree (there's the symlink attack, for example), but I
> don't think it changes the nature of the issue.

How would such a ``symlink attack'' work?
And in any case:

  1. How will such a malicious .pdmp file be installed on the user's
     system?
  2. How will such a malicious .pdmp file end up loaded by the user's
     Emacs?
  3. What privileges will the user's Emacs have, that whoever installed
     the malicious .pdmp file did not?

The answers to questions 1 and 2 can only be ``by user action'', or ``by
administrative action''.  The answer to question 3 naturally follows.
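
Question 1 in the message above comes down to who has write access to the dump file and to every directory on the path to it. As an added example (not part of the original message and not Emacs code), the following Python lists the path components that an account other than root or the current user could replace, and reports symlinks on the way; the function names, the `emacs.pdmp` placeholder file and the directory layout are constructed for illustration.

```python
import os
import stat
import tempfile

def prefixes(path):
    """Every prefix of the absolute path, from / down to the path itself."""
    out = [os.path.abspath(path)]
    while os.path.dirname(out[-1]) != out[-1]:
        out.append(os.path.dirname(out[-1]))
    return out[::-1]

def who_can_replace(path, trusted_uids=None):
    """Return (component, reason) pairs where an account outside
    trusted_uids (default: root and the current user) could swap the file."""
    trusted = {0, os.geteuid()} if trusted_uids is None else set(trusted_uids)
    findings = []
    for comp in prefixes(path):
        st = os.lstat(comp)                      # lstat: do not follow symlinks
        if st.st_uid not in trusted:
            findings.append((comp, "owned by uid %d" % st.st_uid))
        if stat.S_ISLNK(st.st_mode):
            findings.append((comp, "symlink"))   # the target needs its own audit
            continue
        writable = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        # A sticky directory (like /tmp) stops others renaming entries they do not own.
        sticky = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if writable and not sticky:              # conservative: group write counts
            findings.append((comp, "group/other-writable"))
    return findings

def demo():
    """Constructed layout: a private directory, the same one opened up, a symlink."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        under = lambda fs: [f for f in fs if f[0].startswith(base)]
        dump = os.path.join(base, "emacs.pdmp")  # empty placeholder, not a real dump
        open(dump, "wb").close()
        os.chmod(base, 0o755)
        os.chmod(dump, 0o644)
        before = under(who_can_replace(dump))
        os.chmod(base, 0o777)                    # any account may now rename entries
        after = under(who_can_replace(dump))
        link = os.path.join(base, "link.pdmp")
        os.symlink(dump, link)
        os.chmod(base, 0o755)
        linked = under(who_can_replace(link))
        return before, after, linked

if __name__ == "__main__":
    for label, result in zip(("private", "world-writable dir", "symlink"), demo()):
        print(label, result)
```

An empty result for the real dump path and its resolved target means only root or the user can replace the file, which is the premise the message relies on.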