From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability
Date: Sat, 26 Nov 2022 14:28:22 +0200
Message-ID: <835yf1ucgp.fsf@gnu.org>
References: <tencent_624F1E3EBC2BD88CD37906B526AE46F60E05@qq.com>
 <837czkw7sl.fsf@gnu.org>
 <CADwFkm=dVGnXdc5z9BZfoR4DfCaxhEsJNNFtO6LP8VkX06044g@mail.gmail.com>
 <8335a8w643.fsf@gnu.org>
 <tencent_BA67F66A766B02EE74E407C2D58269381B09@qq.com>
 <83fse7ut10.fsf@gnu.org>
 <tencent_080E27FACC7ECD790DD11DA4FC73F8483006@qq.com>
 <CADwFkmnMWV8wwfTXmtXzk9m93EJZDkEM_7pDg7Rrcs_62du1+A@mail.gmail.com>
 <tencent_8289CB3384E705777122CF04D524D7B4DD0A@qq.com>
 <CADwFkmkO1BgBdKke5ieKqie97SfmB5FShGmm_Q5tNjePzmmVfA@mail.gmail.com>
 <83cz9at42n.fsf@gnu.org> <tencent_A9399566146BF66A0CEFAEE4B3C285839109@qq.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="34973"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: 59544@debbugs.gnu.org, stefankangas@gmail.com
To: lux <lx@shellcodes.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Nov 26 13:29:25 2022
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1oyuJA-0008sY-OY
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 26 Nov 2022 13:29:24 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1oyuIz-0006xE-Qm; Sat, 26 Nov 2022 07:29:13 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oyuIq-0006w4-CA
 for bug-gnu-emacs@gnu.org; Sat, 26 Nov 2022 07:29:06 -0500
Original-Received: from debbugs.gnu.org ([209.51.188.43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1oyuIp-0000Ub-QL
 for bug-gnu-emacs@gnu.org; Sat, 26 Nov 2022 07:29:03 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1oyuIo-0001W8-LY
 for bug-gnu-emacs@gnu.org; Sat, 26 Nov 2022 07:29:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 26 Nov 2022 12:29:02 +0000
Resent-Message-ID: <handler.59544.B59544.16694656935772@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 59544
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security patch
Original-Received: via spool by 59544-submit@debbugs.gnu.org id=B59544.16694656935772
 (code B ref 59544); Sat, 26 Nov 2022 12:29:02 +0000
Original-Received: (at 59544) by debbugs.gnu.org; 26 Nov 2022 12:28:13 +0000
Original-Received: from localhost ([127.0.0.1]:38077 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1oyuI1-0001V2-FW
 for submit@debbugs.gnu.org; Sat, 26 Nov 2022 07:28:13 -0500
Original-Received: from eggs.gnu.org ([209.51.188.92]:54258)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@gnu.org>) id 1oyuHx-0001Ul-Or
 for 59544@debbugs.gnu.org; Sat, 26 Nov 2022 07:28:12 -0500
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1oyuHr-0000IU-9N; Sat, 26 Nov 2022 07:28:03 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-version:References:Subject:In-Reply-To:To:From:
 Date; bh=LMP8opA5RW0iWAkyZteNVCRAvl8xvJRWoJk6Haw/iNU=; b=Bll1J33NbYmvuzkwEODt
 yRUaD7nxXp1Io/dkLBM8D1VIn1aDF9B2+iKOzqm7WMtAPIgG4VXmEvf5hKpUdyi4OfLub1VRg8QjQ
 CzUVb2qXyzF0vyqhPqyGc78rEfxrcnlrG5hAwNfwBcOLPH/tf8iPY9FPzLUrKuKBioKT9eDgsF8YK
 4nMQYkgqCkH1TGP5vISzaOGtjIwE6rsWkQMzXDJ6MluMSh8Az1NseewquhA77vOhGXadReLaWMjkv
 2ewwlULoK8Mcwmz83t6OqGne2T3RyvsTwCiW4AxAq70FmcrSn+wPzUPBswYClIlrVqVFSu/MG8wB6
 WyLLTD9kd3eWow==;
Original-Received: from [87.69.77.57] (helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@gnu.org>)
 id 1oyuHm-0000LM-ON; Sat, 26 Nov 2022 07:27:59 -0500
In-Reply-To: <tencent_A9399566146BF66A0CEFAEE4B3C285839109@qq.com> (message
 from lux on Sat, 26 Nov 2022 18:41:22 +0800)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:249076
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/249076>

> Date: Sat, 26 Nov 2022 18:41:22 +0800
> Cc: 59544@debbugs.gnu.org
> From: lux <lx@shellcodes.org>
> 
> > We've lived with this "security issue" for decades, so I see nothing here that justifies
> > "ASAP".
> Maybe someone found it, but didn't publish it?

Fixing it will not magically remove the problem from all the Emacs
installations out there, will it?  It will only help to people who track the
master branch and rebuild Emacs very frequently on top of that.

So the urgency of fixing it is not measured in hours anyway.

> for example, the lib-src/ntlib.c:
> 
> char *
> cuserid (char * s)
> {
>    char * name = getlogin ();
>    if (s)
>      return strcpy (s, name ? name : "");
>    return name;
> }
> 
> before calling the strcpy function, the memory size of the pointer s is 
> not checked, which may destroy the memory space. So, I want to replace 
> it with a safe function, any suggestions?

The above function doesn't seem to be called anywhere in Emacs, so making it
better is a waste of energy.  It should probably be removed.