From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Dmitry Gutov Newsgroups: gmane.emacs.tangents Subject: Re: 2023-02-27 Emacs news Date: Tue, 28 Feb 2023 20:08:39 +0200 Message-ID: <88a8d27c-1eb3-b0f0-8929-027bbd024822@yandex.ru> References: <87ilfmprt2.fsf@sachachua.com> <87sfeqshwf.fsf@dataswamp.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="9329"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1 Cc: emacs-tangents@gnu.org To: Yuri Khan , Jean Louis Original-X-From: emacs-tangents-bounces+get-emacs-tangents=m.gmane-mx.org@gnu.org Tue Feb 28 19:09:43 2023 Return-path: Envelope-to: get-emacs-tangents@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pX4Q3-0002Ct-3m for get-emacs-tangents@m.gmane-mx.org; Tue, 28 Feb 2023 19:09:43 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pX4PG-0004aC-4C; Tue, 28 Feb 2023 13:08:54 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pX4PA-0004WK-05 for emacs-tangents@gnu.org; Tue, 28 Feb 2023 13:08:48 -0500 Original-Received: from mail-wm1-x329.google.com ([2a00:1450:4864:20::329]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1pX4P7-0006hg-O8 for emacs-tangents@gnu.org; Tue, 28 Feb 2023 13:08:47 -0500 Original-Received: by mail-wm1-x329.google.com with SMTP id m25-20020a7bcb99000000b003e7842b75f2so6413724wmi.3 for ; Tue, 28 Feb 2023 10:08:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :sender:from:to:cc:subject:date:message-id:reply-to; bh=zJFdQY17v06Xul6w58fMeHeuOMEhBPRuMGSID+P97+k=; b=Ekmb5jUDw/+At/CR3JQ8sDxho7etBe4/XVnxUaE/sZlgMuzK8Jef1NVOBlMlIrs7E2 t5RKBx8AR1h2Vt1QVF2D00iMSmp4Ne8yvFtOOcYOew5EA0x19suRLMiKY+1nhtz8pQbH ISwu+iV1vef2o4uebeDrYoDxRV+7q+GxUfu7lhaAAdRqkjozssubimRhHJkoFGoD7XoW 5LjNgMqrPmIhP+VpzMY563j9IHY6GaGfVytYZw7LJntW9WN1J/EOy5rFLkvyfOTD2xqn UcFmRh3dh9mk2LVOZZteYN1uJpZH9XFM8wObf7euSnF+P53yxFGbQszwZhiSYkXCZWtD CZKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:date:message-id :sender:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zJFdQY17v06Xul6w58fMeHeuOMEhBPRuMGSID+P97+k=; b=aSS6LEPnYqOWpIq1vovHRk8EB+8POPyzwXFt3WzMXpyJ/7BVjuQksXWhEbO7W1Q7Sf YBJJftMBr1OhXEW7+q3GKFbYgQ0ygzGujkqsN6KWoHdUBlW+G9Esd5tFjlVF3U2b9GAy rKqz9l+lz3RztluZb6Rgq10SvZ2qMdAsrjWYuym+oKA76OV+iVy1wB02W1Z6/3nnFfxO NDNdozYYuzmx+19vC+T/ZEOCZPSFyrb3zu4ma7mIrJVKn9g5qKv+5gEW3GEdL74WYTUW wYhLEQdWifhxHnc5/oUFsLnBC1jcjNqnmJEvCav9EgvRBmPtblJWAdYwgJEiGJSPpsvj OSqQ== X-Gm-Message-State: AO0yUKX60HqQpcdAWCd4JCVfVTyDYxnHvgxnPLT250UMEpjH8g7HhlfV XgWbSK9tdqOVoWGG0igOpxU= X-Google-Smtp-Source: AK7set+xPZAq7b06wS6G6+EhTzOne39mUPz0iwU2qlB7UIcgbDVRU8yc18h1nirN4Cb76I/spiBU+w== X-Received: by 2002:a05:600c:4da4:b0:3ea:e554:7808 with SMTP id v36-20020a05600c4da400b003eae5547808mr2996601wmp.19.1677607721532; Tue, 28 Feb 2023 10:08:41 -0800 (PST) Original-Received: from [192.168.0.2] ([46.251.119.176]) by smtp.googlemail.com with ESMTPSA id a5-20020a5d4565000000b002c3f81c51b6sm10252668wrc.90.2023.02.28.10.08.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 28 Feb 2023 10:08:41 -0800 (PST) Content-Language: en-US In-Reply-To: Received-SPF: pass client-ip=2a00:1450:4864:20::329; envelope-from=raaahh@gmail.com; helo=mail-wm1-x329.google.com X-Spam_score_int: -15 X-Spam_score: -1.6 X-Spam_bar: - X-Spam_report: (-1.6 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, NICE_REPLY_A=-0.092, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-tangents@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Emacs news and miscellaneous discussions outside the scope of other Emacs mailing lists List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-tangents-bounces+get-emacs-tangents=m.gmane-mx.org@gnu.org Original-Sender: emacs-tangents-bounces+get-emacs-tangents=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.tangents:994 Archived-At: On 28/02/2023 16:05, Yuri Khan wrote: > If you open a malicious source file in an editor, you don’t expect it > to execute any code written within, surely not before you press the > Run key. If opening a file for editing trashes your home directory, > it’s a bug and a vulnerability. If opening a file for editing causes > personal information to be sent outside, it’s a bug and a > vulnerability. Neither of that happened with the linked "vulnerability", though. It only worked if you pressed "C-c C-f" on a line that contained something like require '; rm -rf ~'