From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Jason Rumney Newsgroups: gmane.emacs.devel Subject: Re: Coverity Open Source Defect Scan of Emacs Date: Thu, 06 Apr 2006 12:06:36 +0100 Message-ID: <4434F63C.5040405@gnu.org> References: NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Trace: sea.gmane.org 1144321625 9850 80.91.229.2 (6 Apr 2006 11:07:05 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 6 Apr 2006 11:07:05 +0000 (UTC) Cc: hallvor@engen.priv.no, emacs-devel@gnu.org, Ben Chelf Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Apr 06 13:07:02 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1FRSKG-0000mB-QV for ged-emacs-devel@m.gmane.org; Thu, 06 Apr 2006 13:06:57 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FRSKG-0003lK-Fo for ged-emacs-devel@m.gmane.org; Thu, 06 Apr 2006 07:06:56 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FRSK1-0003j2-OA for emacs-devel@gnu.org; Thu, 06 Apr 2006 07:06:41 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FRSK0-0003he-4d for emacs-devel@gnu.org; Thu, 06 Apr 2006 07:06:41 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FRSJz-0003ha-S9 for emacs-devel@gnu.org; Thu, 06 Apr 2006 07:06:39 -0400 Original-Received: from [213.86.207.50] (helo=exchange.integrasp.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FRSNi-0006fA-G8 for emacs-devel@gnu.org; Thu, 06 Apr 2006 07:10:30 -0400 Original-Received: from ASSP-nospam (localhost [127.0.0.1]) by exchange.integrasp.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 2MS1SWVZ; Thu, 6 Apr 2006 11:59:58 +0100 Original-Received: from 192.168.111.70 ([192.168.111.70] helo=[192.168.111.70]) by ASSP-nospam ; 6 Apr 06 10:59:58 -0000 User-Agent: Thunderbird 1.5 (Windows/20051201) Original-To: Alan Mackenzie In-Reply-To: X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:52473 Archived-At: Alan Mackenzie wrote: > For example, what sort of bugs does your product find, IIRC, the most notable bugs found by the Stanford project that I assume this is based on were in the MS Windows port, where malformed system messages could theoretically be used to make Emacs do things it shouldn't. This was not a remote exploit, and would not give the attacker any privileges it did not already have as far as I could tell.