From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Date: Wed, 16 Oct 2019 09:43:02 +0300
Message-ID: <83h849fax5.fsf@gnu.org>
References: <CAJw81dZZmX=z-YFDwvEkuWR6xH+cf=mR9h-fcZTphwdXWrA5wg@mail.gmail.com>
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="243689"; mail-complaints-to="usenet@blaine.gmane.org"
Cc: emacs-devel@gnu.org
To: adam plaice <plaice.adam+lists@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Oct 16 08:43:33 2019
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1iKd1x-0011HK-A0
	for ged-emacs-devel@m.gmane.org; Wed, 16 Oct 2019 08:43:33 +0200
Original-Received: from localhost ([::1]:37664 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1iKd1v-0003Vr-D5
	for ged-emacs-devel@m.gmane.org; Wed, 16 Oct 2019 02:43:31 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:58381)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eliz@gnu.org>) id 1iKd1k-0003Vi-98
 for emacs-devel@gnu.org; Wed, 16 Oct 2019 02:43:21 -0400
Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:36367)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
 id 1iKd1j-0001eV-RU; Wed, 16 Oct 2019 02:43:19 -0400
Original-Received: from [176.228.60.248] (port=3214 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@gnu.org>)
 id 1iKd1j-00069y-3U; Wed, 16 Oct 2019 02:43:19 -0400
In-reply-to: <CAJw81dZZmX=z-YFDwvEkuWR6xH+cf=mR9h-fcZTphwdXWrA5wg@mail.gmail.com>
 (message from adam plaice on Tue, 15 Oct 2019 23:05:01 +0200)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:241080
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/241080>

> From: adam plaice <plaice.adam+lists@gmail.com>
> Date: Tue, 15 Oct 2019 23:05:01 +0200
> Cc: 37656@debbugs.gnu.org
> 
> Since the bug allows an attacker to execute arbitrary code if the
> victim opens a payload file, and hence opening any file from an
> untrusted source becomes dangerous, it seems to be rather
> serious.

Please don't cross-post bug reports.  Please use only one of these two
lists for any discussions, preferably the bug list.  Doing it on both
tends to cause some of the responses to be archived in one list,
others in another, and makes the discussion confused, confusing, and
complicated to follow.

I suggest to continue discussing this only on the bug list.

Thanks in advance.