From: Daniel Radetsky <dradetsky@gmail.com>
To: Eshel Yaron <me@eshelyaron.com>
Cc: emacs-devel@gnu.org, Stefan Monnier <monnier@iro.umontreal.ca>,
Stefan Kangas <stefankangas@gmail.com>,
Andrea Corallo <acorallo@gnu.org>, Eli Zaretskii <eliz@gnu.org>
Subject: Re: CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion
Date: Tue, 26 Nov 2024 23:57:53 -0800 [thread overview]
Message-ID: <qq4rkpuoselwrytif2q3xlh6mnzq5kji6ihmaacqr6shxhjfke@sngkph5ac4ps> (raw)
In-Reply-To: <m1a5dltb04.fsf@macbookpro.home>
On Wed, Nov 27, 2024 at 08:02:35AM +0100, Eshel Yaron wrote:
> Hi all,
>
> I've just published an advisory regarding an arbitrary code execution
> vulnerability in Emacs, which has been assigned CVE-2024-53920:
>
> https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
Slight correction: you wrote:
> In some Emacs “distributions”, such as the popular Doom
> Emacs and Prelude, either Flymake or Flycheck are enabled
> by default in ELisp mode.
This is not true of Doom, which I use. I had to modify my
init form (which is the same as the current default in this
respect) from
:checkers
syntax ; tasing you for every semicolon you forget
to
:checkers
(syntax +flymake) ; tasing you for every semicolon you forget
in order to get your rx poc to create /tmp/owned simply by
visiting the file. This is the only doom module which can
activate flymake.
Is the same true of flycheck? It's harder to tell, but I
think the answer is also no. In any case, while I didn't
intentionally test this on the literal default
configuration, I also never explicitly disabled flycheck and
it isn't running and I had to make the above-mentioned
change to get your poc to work.
--dmr
next prev parent reply other threads:[~2024-11-27 7:57 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-27 7:02 CVE-2024-53920 Emacs arbitrary code execution via unsafe macro-expansion Eshel Yaron
2024-11-27 7:57 ` Daniel Radetsky [this message]
2024-11-27 8:40 ` Eshel Yaron
2024-11-27 9:46 ` Daniel Radetsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=qq4rkpuoselwrytif2q3xlh6mnzq5kji6ihmaacqr6shxhjfke@sngkph5ac4ps \
--to=dradetsky@gmail.com \
--cc=acorallo@gnu.org \
--cc=eliz@gnu.org \
--cc=emacs-devel@gnu.org \
--cc=me@eshelyaron.com \
--cc=monnier@iro.umontreal.ca \
--cc=stefankangas@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).