From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Jim Porter Newsgroups: gmane.emacs.devel Subject: Re: Emacs Arbitrary Code Execution and How to Avoid It Date: Thu, 5 Dec 2024 21:30:41 -0800 Message-ID: <38faaa00-027e-6af3-989a-a0d63c16ae96@gmail.com> References: <878qswfya2.fsf@librehacker.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="13689"; mail-complaints-to="usenet@ciao.gmane.io" To: rms@gnu.org, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Fri Dec 06 06:31:35 2024 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tJQwA-0003L9-VH for ged-emacs-devel@m.gmane-mx.org; Fri, 06 Dec 2024 06:31:34 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tJQvO-0008M8-QR; Fri, 06 Dec 2024 00:30:46 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tJQvN-0008Lu-5V for emacs-devel@gnu.org; Fri, 06 Dec 2024 00:30:45 -0500 Original-Received: from mail-pl1-x62a.google.com ([2607:f8b0:4864:20::62a]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tJQvL-0003mt-NC; Fri, 06 Dec 2024 00:30:44 -0500 Original-Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-215b13e9ccbso16528105ad.0; Thu, 05 Dec 2024 21:30:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1733463042; x=1734067842; darn=gnu.org; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:mime-version:date:message-id:from:to:cc :subject:date:message-id:reply-to; bh=B0nWKPpYlXA9738MVlkihPvGPLDZ1NSDQWntSqkmzi0=; b=MXl93zx6ppQpXI85tkSb9IHvom9bAqgfJXj9TIC4OCg26cIi2f5o3JLFD/+xjRCVxw H6+dkmWfSaaadwG8cZm7t9wrot56VuLwD+p2DcfxcQ+8ztShvul8tKqVVSDtqKA1BR1b m3PxHQYaSS2ftjLhnHBpL2N/prHhnyyTW4eZhagqMxRhfeJoLHzjmUhD3phnGGmt3k78 CCZB56xHM2Y9hLmeDi4YcvfvzIWgFa+CwGw4pNQM2YmJDVqdnDAG52GxzZiMG8muYP3q auwrUi0t0sLGCvVaXKwYD4EREoAMITFSceURc6JwO+wmT4dbleFLWa/r4BIbMtJqA8yC N1FA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733463042; x=1734067842; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=B0nWKPpYlXA9738MVlkihPvGPLDZ1NSDQWntSqkmzi0=; b=YEL08AIqD1eY1phiIAko2omZfnhJJXOrp1XT4zJPC7X4JyBCTtmKjEvoEpjfNR/RTA 2mRwVSsqdIfgISdZ1LoXHeV5879jqblfgrrskasKC6+1518Yt1fwplzU9+B7PQmNR6AM m/LI5W1JyS3ky8wyKTFPkmxJLkyqx3IYbUEGa3tXauZUo7oYLsmj0zNt4PcYhoxrOo8L x3zhx9gbv/By2KLFhh/XHJ9kyQ2v1Kk/K2I8beUoYWuKNg0qPkG4p9PTm4QF33nVCTT/ EDWDPKdsgnv4D4k+KlhwTG/BrdTW9S+S0hvg0QfWguupMMtd/41WqzHHabpDOAekXLMF HF8g== X-Forwarded-Encrypted: i=1; AJvYcCWzt1FLgZe6R3uXd7QAr19yE2ZjdWrVmVU7ThFrCmVluHdnk1/lWAHCAZ009wvhX6J3muY4lbG7jbpKuw==@gnu.org X-Gm-Message-State: AOJu0YwX1cFrHTm1T5tlir5d2pQWylmALX1yroBjS4a1B/k9DtfEHTjc eQPkTDv/o3xtKHGD0Br4hDm25ggL5SJhDOboDwKu4sbpY1cGHsUM+CVs9w== X-Gm-Gg: ASbGncvOmIlyL0a6+eBCMo7k3WPIyWCZT1O99iJA9LGuM5mUJlvsaRLhOasAvymFlLr nfABlaqqxJQaGIDozh9ru+ZwhNplyFd50WS62nrtAD1nKWyReo2xsF+1wcfngX94bCI/j5xBq7V 0YvuJhTjsSExo/zCsaQNy1vQp6ftogTFekzfX0HwaoCl3x2ItrThdWURvDCXObcPkL4btfmMf0n nQQEzrit20IJ+MHQB7o0+x56UONHFXn9fu3rpzFnhW+aa+Mb/5iEnyo9beaYm7jo9HyiF4wy9Dq ikzZl6kN2K5n2mDoQbVv+AbcYdQ= X-Google-Smtp-Source: AGHT+IH0kud5NtSM8baFVXyJQ+7A9ieBzIM09EJILS1oR5P/O/2UGGxMxlyjvwDVe2fLmBQqwus84Q== X-Received: by 2002:a17:902:dac7:b0:216:1a58:1a7b with SMTP id d9443c01a7336-2161a581bc1mr9688945ad.54.1733463041529; Thu, 05 Dec 2024 21:30:41 -0800 (PST) Original-Received: from [192.168.1.2] (syn-023-240-098-037.res.spectrum.com. [23.240.98.37]) by smtp.googlemail.com with ESMTPSA id d9443c01a7336-215f8e5f130sm21308095ad.90.2024.12.05.21.30.40 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 05 Dec 2024 21:30:41 -0800 (PST) Content-Language: en-US In-Reply-To: Received-SPF: pass client-ip=2607:f8b0:4864:20::62a; envelope-from=jporterbugs@gmail.com; helo=mail-pl1-x62a.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:326114 Archived-At: On 12/5/2024 8:47 PM, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > Did the person who posted this > > https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html > > send us mail, or do anything to report the bug? According to this message, Eshel had discussed this with Stefan Kangas privately (and possibly the other maintainers?) first: .