From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.help Subject: Re: CVE-2017-14482 - Red Hat Customer Portal Date: Fri, 29 Sep 2017 10:11:29 +0300 Message-ID: <83d16a9dy6.fsf@gnu.org> References: <2e991bb7-c570-49ce-be94-3654945bb4b5@mousecar.com> <87d16jxjz6.fsf@eps142.cdf.udc.es> <861smzcgx3.fsf@zoho.com> <1b3bec6e-d4d5-37a7-ba54-49bd2d8281bd@yandex.com> <87377dtw33.fsf@qcore> <83zi9la78x.fsf@gnu.org> <9uvak9ib98.fsf@fencepost.gnu.org> <83poah9v5c.fsf@gnu.org> <83fubcajtg.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1506669131 30025 195.159.176.226 (29 Sep 2017 07:12:11 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 29 Sep 2017 07:12:11 +0000 (UTC) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Fri Sep 29 09:12:08 2017 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dxpSs-0006pe-KR for geh-help-gnu-emacs@m.gmane.org; Fri, 29 Sep 2017 09:12:02 +0200 Original-Received: from localhost ([::1]:33955 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxpSw-0001kp-Oe for geh-help-gnu-emacs@m.gmane.org; Fri, 29 Sep 2017 03:12:06 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33603) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxpSW-0001kf-Ab for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 03:11:41 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dxpST-0000Va-50 for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 03:11:40 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57274) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxpST-0000VR-16 for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 03:11:37 -0400 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:4916 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dxpSS-0000fy-Dk for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 03:11:36 -0400 In-reply-to: (message from Philipp Stephani on Sun, 24 Sep 2017 07:13:55 +0000) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.org gmane.emacs.help:114459 Archived-At: > From: Philipp Stephani > Date: Sun, 24 Sep 2017 07:13:55 +0000 > > A file whose source you don't trust or are unfamiliar with should > initially be examined with find-file-literally, if your security is > indeed important for you. That emulates what most other text editors > do when you open a file. > > That's an unrealistic requirement; nobody will ever do this. If you care about your security, you will. Nowadays, no text file should be considered safe, if you don't know or don't trust its origin. > Emacs must make sure to never run untrusted > code when visiting a file, unless the user explicitly asked for (via the enable-local-eval variable). Emacs does. But since this is done by humans, sometimes errors creep in, and in this case the error took many years to be uncovered. Which is why taking local precautions is always a good idea.