From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: "Marshall, Simon" <Simon.Marshall@misys.com>
Newsgroups: gmane.emacs.devel
Subject: RE: [mwelinder@gmail.com: Emacs security bug]
Date: Mon, 12 May 2008 17:37:20 +0100
Message-ID: <6EE216E1AA959543A555C60FF34FB767041E7950@maileube01.misys.global.ad>
References: <u3aorm9tf.fsf@gnu.org>
	<87mymy6wnq.fsf@stupidchicken.com><6EE216E1AA959543A555C60FF34FB7670418B0A2@maileube01.misys.global.ad>
	<jwvskwnoat0.fsf-monnier+emacs@gnu.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_001_01C8B44E.73011A62"
X-Trace: ger.gmane.org 1210610320 5838 80.91.229.12 (12 May 2008 16:38:40 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 12 May 2008 16:38:40 +0000 (UTC)
Cc: Chong Yidong <cyd@stupidchicken.com>, mwelinder@gmail.com,
	Eli Zaretskii <eliz@gnu.org>, emacs-devel@gnu.org
To: "Stefan Monnier" <monnier@iro.umontreal.ca>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon May 12 18:39:16 2008
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1Jvb3N-00026f-24
	for ged-emacs-devel@m.gmane.org; Mon, 12 May 2008 18:39:09 +0200
Original-Received: from localhost ([127.0.0.1]:33167 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1Jvb2e-0004xn-58
	for ged-emacs-devel@m.gmane.org; Mon, 12 May 2008 12:38:24 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1Jvb2Z-0004xC-M1
	for emacs-devel@gnu.org; Mon, 12 May 2008 12:38:19 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1Jvb2X-0004wt-5N
	for emacs-devel@gnu.org; Mon, 12 May 2008 12:38:18 -0400
Original-Received: from [199.232.76.173] (port=56403 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Jvb2X-0004wn-1G
	for emacs-devel@gnu.org; Mon, 12 May 2008 12:38:17 -0400
Original-Received: from cluster-a.mailcontrol.com ([80.69.8.190]:53475)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <Simon.Marshall@misys.com>)
	id 1Jvb2R-0001i3-66; Mon, 12 May 2008 12:38:11 -0400
Original-Received: from rly07a.srv.mailcontrol.com (localhost.localdomain [127.0.0.1])
	by rly07a.srv.mailcontrol.com (MailControl) with ESMTP id
	m4CGbxY1030046; Mon, 12 May 2008 17:38:09 +0100
Original-Received: from submission.mailcontrol.com (submission.mailcontrol.com
	[86.111.216.190])
	by rly07a.srv.mailcontrol.com (MailControl) id m4CGbSwK028867;
	Mon, 12 May 2008 17:37:28 +0100
Original-Received: from maileube01.misys.global.ad ([217.196.233.105])
	by rly07a-eth0.srv.mailcontrol.com (envelope-sender
	Simon.Marshall@misys.com) (MIMEDefang) with ESMTP id
	m4CGY6Iw019902; Mon, 12 May 2008 17:37:27 +0100 (BST)
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
Thread-Topic: [mwelinder@gmail.com: Emacs security bug]
Thread-Index: Aci0POO7opHIpYh5R7GQLO7Ly3zWKAAEKv6A
X-Scanned-By: MailControl A-08-50-03 (www.mailcontrol.com) on 10.65.1.117
X-detected-kernel: by monty-python.gnu.org: Linux 2.4-2.6
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:97038
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/97038>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8B44E.73011A62
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

> I see no point in investing any significant time to try and fix
> this problem.

Phew.

> > Probably the most reasonable fix, in the circumstances, is to make
> > fast-lock-cache-directories a risky local variable and remove "."
from
> > its default value?
>=20
> Sounds OK.

Attached is a patch.  Simon.



 "Misys" is the trade name for Misys plc (registered in England and Wales).=
 Registration Number: 01360027. Registered office: Burleigh House, Chapel O=
ak, Salford Priors, Evesham WR11 8SP. For a list of Misys group operating c=
ompanies please go to http://www.misys.com/html/about_us/group_operating_co=
mpanies/. This email and any attachments have been scanned for known viruse=
s using multiple scanners.=20
=20
We believe that this email and any attachments are virus free, however the =
recipient must take full responsibility for virus checking. This email mess=
age is intended for the named recipient only. It may be privileged and/or c=
onfidential. If you are not the named recipient of this email please notify=
 us immediately and do not copy it or use it for any purpose, nor disclose =
its contents to any other person. This email does not constitute the commen=
cement of legal relations between you and Misys plc. Please refer to the ex=
ecuted contract between you and the relevant member of the Misys group for =
the identity of the contracting party with which you are dealing.=20

------_=_NextPart_001_01C8B44E.73011A62
Content-Type: application/octet-stream;
	name="fast-lock.diff"
Content-Transfer-Encoding: base64
Content-Description: fast-lock.diff
Content-Disposition: attachment; filename="fast-lock.diff"

KioqIGZhc3QtbG9jay5lbC5+MX4JVGh1IEphbiAxMCAxMjoxNTo0MCAyMDA4
Ci0tLSBmYXN0LWxvY2suZWwJTW9uIE1heSAxMiAxNzozMDoyOCAyMDA4Cioq
KioqKioqKioqKioqKgoqKiogMjg2LDI5MiAqKioqCiAgCQkJCSAgICAgIChp
bnRlZ2VyIDp0YWcgInNpemUiKSkpKSkKICAgIDpncm91cCAnZmFzdC1sb2Nr
KQogIAohIChkZWZjdXN0b20gZmFzdC1sb2NrLWNhY2hlLWRpcmVjdG9yaWVz
ICcoIi4iICJ+Ly5lbWFjcy1mbGMiKQogIDsgLSBgaW50ZXJuYWwnLCBrZWVw
IGVhY2ggZmlsZSdzIEZvbnQgTG9jayBjYWNoZSBmaWxlIGluIHRoZSBzYW1l
IGZpbGUuCiAgOyAtIGBleHRlcm5hbCcsIGtlZXAgZWFjaCBmaWxlJ3MgRm9u
dCBMb2NrIGNhY2hlIGZpbGUgaW4gdGhlIHNhbWUgZGlyZWN0b3J5LgogICAg
IipEaXJlY3RvcmllcyBpbiB3aGljaCBGb250IExvY2sgY2FjaGUgZmlsZXMg
YXJlIHNhdmVkIGFuZCByZWFkLgotLS0gMjg2LDI5MiAtLS0tCiAgCQkJCSAg
ICAgIChpbnRlZ2VyIDp0YWcgInNpemUiKSkpKSkKICAgIDpncm91cCAnZmFz
dC1sb2NrKQogIAohIChkZWZjdXN0b20gZmFzdC1sb2NrLWNhY2hlLWRpcmVj
dG9yaWVzICcoIn4vLmVtYWNzLWZsYyIpCiAgOyAtIGBpbnRlcm5hbCcsIGtl
ZXAgZWFjaCBmaWxlJ3MgRm9udCBMb2NrIGNhY2hlIGZpbGUgaW4gdGhlIHNh
bWUgZmlsZS4KICA7IC0gYGV4dGVybmFsJywga2VlcCBlYWNoIGZpbGUncyBG
b250IExvY2sgY2FjaGUgZmlsZSBpbiB0aGUgc2FtZSBkaXJlY3RvcnkuCiAg
ICAiKkRpcmVjdG9yaWVzIGluIHdoaWNoIEZvbnQgTG9jayBjYWNoZSBmaWxl
cyBhcmUgc2F2ZWQgYW5kIHJlYWQuCioqKioqKioqKioqKioqKgoqKiogMzA0
LDMxNSAqKioqCiAgICgoXCJeL3lvdXIvdHJ1ZS9ob21lL2RpcmVjdG9yeS9c
IiAuIFwiLlwiKSBcIn4vLmVtYWNzLWZsY1wiKQogIAogIHdvdWxkIGNhdXNl
IGEgZmlsZSdzIGN1cnJlbnQgZGlyZWN0b3J5IHRvIGJlIHVzZWQgaWYgdGhl
IGZpbGUgaXMgdW5kZXIgeW91cgohIGhvbWUgZGlyZWN0b3J5IGhpZXJhcmNo
eSwgb3Igb3RoZXJ3aXNlIHRoZSBhYnNvbHV0ZSBkaXJlY3RvcnkgYH4vLmVt
YWNzLWZsYycuIgogICAgOnR5cGUgJyhyZXBlYXQgKHJhZGlvIChkaXJlY3Rv
cnkgOnRhZyAiZGlyZWN0b3J5IikKICAJCQkoY29ucyA6dGFnICJNYXRjaGlu
ZyIKICAJCQkgICAgICAocmVnZXhwIDp0YWcgInJlZ2V4cCIpCiAgCQkJICAg
ICAgKGRpcmVjdG9yeSA6dGFnICJkaXJlY3RvcnkiKSkpKQogICAgOmdyb3Vw
ICdmYXN0LWxvY2spCiAgCiAgKGRlZmN1c3RvbSBmYXN0LWxvY2stc2F2ZS1l
dmVudHMgJyhraWxsLWJ1ZmZlciBraWxsLWVtYWNzKQogICAgIipFdmVudHMg
dW5kZXIgd2hpY2ggY2FjaGVzIHdpbGwgYmUgc2F2ZWQuCi0tLSAzMDQsMzE4
IC0tLS0KICAgKChcIl4veW91ci90cnVlL2hvbWUvZGlyZWN0b3J5L1wiIC4g
XCIuXCIpIFwifi8uZW1hY3MtZmxjXCIpCiAgCiAgd291bGQgY2F1c2UgYSBm
aWxlJ3MgY3VycmVudCBkaXJlY3RvcnkgdG8gYmUgdXNlZCBpZiB0aGUgZmls
ZSBpcyB1bmRlciB5b3VyCiEgaG9tZSBkaXJlY3RvcnkgaGllcmFyY2h5LCBv
ciBvdGhlcndpc2UgdGhlIGFic29sdXRlIGRpcmVjdG9yeSBgfi8uZW1hY3Mt
ZmxjJy4KISBGb3Igc2VjdXJpdHkgcmVhc29ucywgaXQgaXMgbm90IGFkdmlz
YWJsZSB0byB1c2UgdGhlIGZpbGUncyBjdXJyZW50IGRpcmVjdG9yeQohIHRv
IGF2b2lkIHRoZSBwb3NzaWJpbGl0eSBvZiB1c2luZyB0aGUgY2FjaGUgb2Yg
YW5vdGhlciB1c2VyLiIKICAgIDp0eXBlICcocmVwZWF0IChyYWRpbyAoZGly
ZWN0b3J5IDp0YWcgImRpcmVjdG9yeSIpCiAgCQkJKGNvbnMgOnRhZyAiTWF0
Y2hpbmciCiAgCQkJICAgICAgKHJlZ2V4cCA6dGFnICJyZWdleHAiKQogIAkJ
CSAgICAgIChkaXJlY3RvcnkgOnRhZyAiZGlyZWN0b3J5IikpKSkKICAgIDpn
cm91cCAnZmFzdC1sb2NrKQorIChwdXQgJ2Zhc3QtbG9jay1jYWNoZS1kaXJl
Y3RvcmllcyAncmlza3ktbG9jYWwtdmFyaWFibGUgdCkKICAKICAoZGVmY3Vz
dG9tIGZhc3QtbG9jay1zYXZlLWV2ZW50cyAnKGtpbGwtYnVmZmVyIGtpbGwt
ZW1hY3MpCiAgICAiKkV2ZW50cyB1bmRlciB3aGljaCBjYWNoZXMgd2lsbCBi
ZSBzYXZlZC4K

------_=_NextPart_001_01C8B44E.73011A62
Content-Type: application/octet-stream;
	name="ChangeLog.diff"
Content-Transfer-Encoding: base64
Content-Description: ChangeLog.diff
Content-Disposition: attachment; filename="ChangeLog.diff"

KioqIENoYW5nZUxvZ34JV2VkIE1hciAyNiAxMzozMjo0NCAyMDA4Ci0tLSBD
aGFuZ2VMb2cJTW9uIE1heSAxMiAxNzozMzozOCAyMDA4CioqKioqKioqKioq
KioqKgoqKiogMSwzICoqKioKLS0tIDEsOCAtLS0tCisgMjAwOC0wNS0xMiAg
U2ltb24gTWFyc2hhbGwgIDxzaW1vbkBnbnUub3JnPgorIAorIAkqIGZhc3Qt
bG9jay5lbCAoZmFzdC1sb2NrLWNhY2hlLWRpcmVjdG9yaWVzKTogUmVtb3Zl
ICIuIiBmcm9tIGl0cworIAlkZWZhdWx0IHZhbHVlIGFuZCBnaXZlIGl0IHRo
ZSByaXNreS1sb2NhbC12YXJpYWJsZSBwcm9wZXJ0eS4KKyAKICAyMDA4LTAz
LTI2ICBDaG9uZyBZaWRvbmcgIDxjeWRAc3R1cGlkY2hpY2tlbi5jb20+CiAg
CiAgCSogVmVyc2lvbiAyMi4yIHJlbGVhc2VkLgo=

------_=_NextPart_001_01C8B44E.73011A62--