From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Philipp Stephani Newsgroups: gmane.emacs.help Subject: Re: CVE-2017-14482 - Red Hat Customer Portal Date: Sun, 24 Sep 2017 07:13:55 +0000 Message-ID: References: <2e991bb7-c570-49ce-be94-3654945bb4b5@mousecar.com> <87d16jxjz6.fsf@eps142.cdf.udc.es> <861smzcgx3.fsf@zoho.com> <1b3bec6e-d4d5-37a7-ba54-49bd2d8281bd@yandex.com> <87377dtw33.fsf@qcore> <83zi9la78x.fsf@gnu.org> <9uvak9ib98.fsf@fencepost.gnu.org> <83poah9v5c.fsf@gnu.org> <83fubcajtg.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" X-Trace: blaine.gmane.org 1506237279 24486 195.159.176.226 (24 Sep 2017 07:14:39 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Sun, 24 Sep 2017 07:14:39 +0000 (UTC) To: Eli Zaretskii , help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Sun Sep 24 09:14:33 2017 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dw17X-0005rw-Qe for geh-help-gnu-emacs@m.gmane.org; Sun, 24 Sep 2017 09:14:31 +0200 Original-Received: from localhost ([::1]:37144 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dw17e-0000s6-Nl for geh-help-gnu-emacs@m.gmane.org; Sun, 24 Sep 2017 03:14:38 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:58892) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dw17A-0000s1-VZ for help-gnu-emacs@gnu.org; Sun, 24 Sep 2017 03:14:09 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dw17A-0008FL-23 for help-gnu-emacs@gnu.org; Sun, 24 Sep 2017 03:14:08 -0400 Original-Received: from mail-oi0-x234.google.com ([2607:f8b0:4003:c06::234]:43772) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dw178-0008Eb-9t; Sun, 24 Sep 2017 03:14:06 -0400 Original-Received: by mail-oi0-x234.google.com with SMTP id r20so3305211oie.0; Sun, 24 Sep 2017 00:14:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Jjltesm2z41NUHgLYiKA6MENIY81qpZ79DyDGcdR7io=; b=Fqyg1kldIk7jlT0alkVDuAaOlRTKg0N2GvuOK/+6JKiXKHx5R+7blNB1AwcejrpvTt rIIfOIxEUY9MCOoq7leJLqY/5ovbHOI+Buz0hd/xIpnU6MRiGquVCWEedfPFPkunkIwM g/12Y2K+KBYTw5N3XqX7CSKGvUu+o4jnMKro49rYNK+1l73x7cpO2NCnvaE9SCY/bsHY jX5wdh1U9JXsbeKGioKdTPmSdowh6+S4QZpy8RmRr9L0ObHEeUGH7FwrdPidzsBmVjYq ExWVf8v6MJUHwaE6IV4XhP5x9Fjn/eEg04TJk5RdtYd6ocfLlBHH0iSEd/clGiU/bR42 SNIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Jjltesm2z41NUHgLYiKA6MENIY81qpZ79DyDGcdR7io=; b=YQEqOuMg8y6jVN6FhEm+kOJwnj5yp60GivtdJbrzzcpdNUWbEFyPgT0wyYLNbXaMAp gPe1Pjaobu3gpRKuOfTf0ymE/C2aPIET+5cX/7RVFkpirJ4BNLpYKHrt3RJheNT2nTKI ck+/1ADSKKcubCJK47BU6hEqhrVYk4FxUazMI6FTLCwao7LYjGAOQIdwnoHfd/MIGq19 iWUhko3pQnu5VH2cNhoxc4HR01HyrInRF5W2/DveP6LXw6ITFqIi8vVp0Yp4BXdyG7ui b32ulVvfJ6mh6O7AWBXn6D5Yc8hF9f9jQUh+8rsVTDqD3JvwDcp3koqHSjO39p5QZRNp sZkQ== X-Gm-Message-State: AHPjjUhz3U+pk2fbxzP17PpPH9b+BbZ9Fzkqm0KfCpNnuXWVmsLjTU48 OpsBLpG9zsKC+QfPlOLBh6ypUycx274Bnp2kOO0DsA== X-Google-Smtp-Source: AOwi7QDWnE9ltckRcBEhMKFuPklVus48VplLoRST8e8dn4n58l4QBUQYjbpmR4dbHdH+gtykZrnmnyRsa4i496roUqw= X-Received: by 10.202.67.194 with SMTP id q185mr392439oia.52.1506237245426; Sun, 24 Sep 2017 00:14:05 -0700 (PDT) In-Reply-To: <83fubcajtg.fsf@gnu.org> X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4003:c06::234 X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.org gmane.emacs.help:114377 Archived-At: Eli Zaretskii schrieb am So., 24. Sep. 2017 um 04:54 Uhr: > > From: Yuri Khan > > Date: Sun, 24 Sep 2017 03:50:51 +0700 > > Cc: "help-gnu-emacs@gnu.org" > > > > On Sun, Sep 24, 2017 at 12:34 AM, Eli Zaretskii wrote: > > > > > Why are you visiting a file about which you know nothing at all? > > > > Why not? Opening a file in a text editor is not normally considered a > > hazardous activity. > > A file whose source you don't trust or are unfamiliar with should > initially be examined with find-file-literally, if your security is > indeed important for you. That emulates what most other text editors > do when you open a file. > > That's an unrealistic requirement; nobody will ever do this. Emacs must make sure to never run untrusted code when visiting a file, unless the user explicitly asked for (via the enable-local-eval variable).