From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paul Eggert
Newsgroups: gmane.emacs.bugs
Subject: bug#28350: enriched.el code execution
Date: Sun, 10 Sep 2017 14:46:59 -0700
Organization: UCLA Computer Science Department
Message-ID: <89bf7f23-d065-572c-ad54-bce7cb9a02e7@cs.ucla.edu>
References: <305e0573-2e10-cb15-4133-9bd72d33ea5e@cs.ucla.edu>
To: "Charles A. Roelli"
Cc: larsi@gnus.org, 28350@debbugs.gnu.org

Charles A. Roelli wrote:

> Do we know that "x-color" and/or "x-bg-color" are vulnerable to a
> similar misuse as "x-display"? If not, I can still re-add them at a
> later time.

Eli asked the same question privately. I don't know the code myself; perhaps
Lars could say.

>> + (provide 'enriched)
>> + (defun enriched-mode (&optional arg))
>> + (defun enriched-decode (from to))
>
> This fix is very safe, at the cost of disabling Enriched mode. Could
> we do any better? I had suggested the following (in
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350#16):
>
> (eval-after-load "enriched"
>   '(defun enriched-decode-display-prop (start end &optional param)
>      (list start end)))
>
> But it may not work in Emacs earlier than 23 (I can't test it).

It should work, since eval-after-load predates Emacs 19.29. Though it assumes
that x-display is the only problem here.
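
Review bot: The quoted stub `(defun enriched-decode (from to))` has an empty body, so it returns nil instead of a buffer position. If whatever calls the decoder uses its return value as the new end of the region, having the stub return `to` would be the safer no-op. Both stubs would also benefit from a docstring saying that they deliberately disable Enriched mode, so a later reader does not take them for an incomplete definition.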
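
A defensive check for the open question above, whether "x-display" is the only problem: this added example (not code from this thread or from Emacs) inventories the three annotation names discussed here in text/enriched content so they can be reviewed before the file is opened. The `<name><param>...</param>` syntax, the `<<` escape and the `Content-Type` header match are assumptions taken from the text/enriched format; `scan_enriched` and the sample are constructed.

```python
import re

# Annotation names taken from the thread. Only x-display is named as a known
# problem; the other two are listed so a reviewer can inspect them.
WATCHED = {"x-display", "x-color", "x-bg-color"}

# Assumption: enriched content is identified by this header line.
HEADER_RE = re.compile(r"^Content-Type:[ \t]*text/enriched", re.I | re.M)
# "<<" is a literal "<" in text/enriched and must not be read as a tag start.
TOKEN_RE = re.compile(r"<<|<(/?)([A-Za-z0-9-]{1,60})>")
PARAM_RE = re.compile(r"<param>(.*?)</param>", re.S | re.I)


def scan_enriched(text):
    """Return (line, annotation, param) for each watched opening annotation."""
    if not HEADER_RE.search(text):
        return []  # not text/enriched, so the enriched decoder is not involved
    findings = []
    for m in TOKEN_RE.finditer(text):
        if m.group(0) == "<<" or m.group(1):  # escaped "<" or a closing tag
            continue
        name = m.group(2).lower()  # annotation names are case-insensitive
        if name not in WATCHED:
            continue
        p = PARAM_RE.match(text, m.end())  # parameter directly after the tag
        line = text.count("\n", 0, m.start()) + 1
        findings.append((line, name, p.group(1) if p else None))
    return findings


# Constructed sample input (benign parameters only).
SAMPLE = (
    "Content-Type: text/enriched\n"
    "Text-Width: 70\n"
    "\n"
    "<x-color><param>red</param>warning</x-color>\n"
    "literal <<x-display> is text, not an annotation\n"
    '<X-Display><param>(image :file "logo.png")</param>[logo]</x-display>\n'
)

if __name__ == "__main__":
    for line, name, param in scan_enriched(SAMPLE):
        print(f"line {line}: <{name}> param={param!r}")
```
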