From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Sean Whitton <spwhitton@spwhitton.name>
Newsgroups: gmane.emacs.devel
Subject: Re: Reproducers for recent Emacs security issues
Date: Mon, 15 Apr 2024 17:27:22 +0800
Message-ID: <87cyqrf01x.fsf@melete.silentflame.com>
References: <875xwk8w5w.fsf@melete.silentflame.com>
 <706e1218-7451-4221-830a-ae3db3bf842e@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="4910"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
Cc: Ihor Radchenko <yantar92@posteo.net>,  emacs-devel@gnu.org,
 team@security.debian.org
To: Max Nikulin <manikulin@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Mon Apr 15 11:28:16 2024
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1rwIdK-00012L-42
	for ged-emacs-devel@m.gmane-mx.org; Mon, 15 Apr 2024 11:28:15 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1rwIcn-0004za-3F; Mon, 15 Apr 2024 05:27:41 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <spwhitton@spwhitton.name>)
 id 1rwIck-0004xO-Or
 for emacs-devel@gnu.org; Mon, 15 Apr 2024 05:27:38 -0400
Original-Received: from fout1-smtp.messagingengine.com ([103.168.172.144])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <spwhitton@spwhitton.name>)
 id 1rwIcb-0002Nn-Nz
 for emacs-devel@gnu.org; Mon, 15 Apr 2024 05:27:32 -0400
Original-Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
 by mailfout.nyi.internal (Postfix) with ESMTP id D86D01380506;
 Mon, 15 Apr 2024 05:27:26 -0400 (EDT)
Original-Received: from mailfrontend1 ([10.202.2.162])
 by compute6.internal (MEProxy); Mon, 15 Apr 2024 05:27:26 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=spwhitton.name;
 h=cc:cc:content-type:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:subject:subject:to:to; s=fm1; t=1713173246; x=
 1713259646; bh=Kfz63U3g8H/hkrXuyac+Vu0tYXUlh/+EZF0T447+yAU=; b=j
 7FaGkhivnKkZ9RtsPL0zlbCn3LqnUyYktK57ECMsr+kahWxJ3vprGnE4k4ZBcATx
 Wq1LGjRpwkS263ojPFIUfPikeHZ4YyhJujmJU2pJ7a+6abUQdajb3dhd3yKLKoeP
 yXZWB5oFJgyKNuntvJzwZRaOyodh5eq55At3QJPji0LecIPoYO/MDai8LoHyuIxv
 gaYJ3t5pHIGqzLz6pB+CpKjgr53MIiPNBPFWxRDCoqY/P+Wtd98QTVAtno8M7f8w
 TGytmcA4GxDnfTWd8vmjRYYTbRVO7o4tWKMtBML+Auh4bMQcsKYqhwovZhVY3wdT
 Wmfbu7qqdpz+2g3pFrOhg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:subject:subject:to
 :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm2; t=1713173246; x=1713259646; bh=Kfz63U3g8H/hkrXuyac+Vu0tYXUl
 h/+EZF0T447+yAU=; b=lGhzwSaAH6oeqNZsIjz2ZXEpzFJvzpq7dudIKH9jWoZ/
 JPH+mk2mrofIvbTfPxgxEva/2LmwiLKs9cvOjoSdVaCE1naLRov9VlY37wIA0cxq
 dY6K1tUzeU67PcJF7FdhP8lwLyqCxaIFG7HOgqnFeV/M3T/LYaH5yXFC6ICJVQ7j
 RzXoQLmNjFXSYWBuTBwOlCIuck5q/CNGKzWjlxNG9DPx5YFa7iox7wrJpNaEp+75
 4Q+8cmDTcKFB7GtVFVekeK38OUfkBjq3EEdjguOncB8kN5x+CqDF2u0+9wE7y43B
 LNE4YoODfsMQcyabTQDt1/nhSZikoKNrpumTwe9yNw==
X-ME-Sender: <xms:_vIcZkwbg47EO8uQr3kW3uvbtYngeAteV9FqZxFUgHreArApZLlVag>
 <xme:_vIcZoQDX9KV0mmS35lzLQBxWKzGaiQYxiktIyAVja8WWeH7Gks8kHwyduzdsV9DB
 XlduUKwsGFdoWSfSA>
X-ME-Received: <xmr:_vIcZmVvrZxk-nA0SUjFlyfu95nHkZ8sCH0ZYuGNG-52eouP_PydrLLwaSfyBYluhR-DTPejVtJkYw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudejvddgudeiucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhephffvvefujghffffkfgggtgesthdttddttdertdenucfhrhhomhepufgvrghn
 ucghhhhithhtohhnuceoshhpfihhihhtthhonhesshhpfihhihhtthhonhdrnhgrmhgvqe
 enucggtffrrghtthgvrhhnpedtffdvffeuleeuvdetkedvveehgfehvdegvefghfevudek
 geegleevgeejkeetkeenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrih
 hlfhhrohhmpehsphifhhhithhtohhnsehsphifhhhithhtohhnrdhnrghmvg
X-ME-Proxy: <xmx:_vIcZiiY7BNmHxDT4nyZ7akgoFEzVg5HHEfGByIdNI0WceZDUtg9NQ>
 <xmx:_vIcZmB9lD27LsvPldAGNDumWpFxZW0rQ3AOR4lrjXo_GKGx_HKiQg>
 <xmx:_vIcZjI-RPbIa0rLzNtGk5RAiiVrFhargvkNsY7tjA0qviDBeabMYw>
 <xmx:_vIcZtD4pE_dmR13W6UY88yPWutDZXgFVq650zAjKeO-Qm5AJedTMg>
 <xmx:_vIcZp_RzjW4rLP6VYlub1eIgJZ1ElpqYzXwc7lT5xIT3X2orJMVa1bh>
Feedback-ID: i23c04076:Fastmail
Original-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 15 Apr 2024 05:27:25 -0400 (EDT)
Original-Received: by melete.silentflame.com (Postfix, from userid 1000)
 id 43E4C7E0C77; Mon, 15 Apr 2024 17:27:22 +0800 (CST)
In-Reply-To: <706e1218-7451-4221-830a-ae3db3bf842e@gmail.com> (Max Nikulin's
 message of "Sun, 14 Apr 2024 11:41:31 +0700")
Received-SPF: pass client-ip=103.168.172.144;
 envelope-from=spwhitton@spwhitton.name; helo=fout1-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:317729
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/317729>

Hello Max, thank you for these.

On Sun 14 Apr 2024 at 11:41am +07, Max Nikulin wrote:

> Attachment content:
>
> ---- 8< ----
>
> #+startup: latexpreview
> LaTeX:
>
> \begin{equation}
> \newwrite\testfile\openout\testfile=\jobname.poc
> \write\testfile{PoC}
> \closeout\testfile
> A \to \textrm{/tmp/\jobname.poc}
> \end{equation}
>
> *Warning!* Change the math snippet before every test
> or remove the cached image.
> ---- >8 ----
>
> 3. Open message.
>
> LaTeX preview never worked in attachment inline preview.
> Check that a file is created in /tmp/
>      ls -l tmp/orgtex*.poc

Unfortunately, I couldn't reproduce this.
I expanded the inline preview but nothing appeared in /tmp.  If I saved
the attachment and opened it as a regular file, then the image gets
generated in /tmp and displayed in-buffer, but that's a different issue.

This is Emacs 28.2, btw.  Would you expect it not to work there?

-- 
Sean Whitton