From: Ted Zlatanov
Newsgroups: gmane.emacs.bugs
Subject: bug#24489: efaq: security risks
Date: Thu, 22 Sep 2016 06:56:25 -0400
Organization: Теодор Златанов @ Cienfuegos
Message-ID: <87y42kciee.fsf_-_@lifelogs.com>
To: Richard Stallman
Cc: Lars Ingebrigtsen, 24489@debbugs.gnu.org
Xref: news.gmane.org gmane.emacs.bugs:123543

On Wed, 21 Sep 2016 17:26:20 -0400 Richard Stallman wrote:

>> 2) using an Emacs mail client to view HTML mail is a security risk if remote
>> content is fetched (I think it isn't by default, but this might not
>> apply to every client)

RS> Could you explain why you think it is a security risk?
On Wed, 21 Sep 2016 00:53:13 +0200 Lars Ingebrigtsen wrote:

LI> Glenn Morris writes:

>> 2) using an Emacs mail client to view HTML mail is a security risk if remote
>> content is fetched (I think it isn't by default, but this might not
>> apply to every client)
>>
>> 3) viewing remote HTML content (eg with eww or xwidgets) is likewise a
>> potential security risk.

LI> Do you mean privacy risk?

Images and other resources can carry constructed data and be used as an
execution backdoor through browser or library bugs. The following don't
necessarily apply to Emacs, they are just examples of the variety and
severity of these attacks, which have risen in popularity as direct code
injection has become harder:

http://arstechnica.com/security/2016/05/easily-exploited-bug-exposes-huge-number-of-sites-to-code-execution-attacks/

http://www.pcworld.com/article/2950578/security/microsoft-rushes-out-emergency-security-update-to-fix-critical-windows-flaw.html

http://fortune.com/2016/07/20/apple-security-bug-password-steal-text/

That being said, privacy risks can also become security risks and I think
the FAQ could be extended to include both.

Ted
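As an added illustration of the "remote content is fetched" point discussed above (example code written for this page, not from the thread, from Gnus or from any other Emacs client): a small Python check that lists the remote resources an HTML mail body would make a renderer fetch, which is both the privacy leak (the sender learns the mail was opened) and the channel that feeds attacker-chosen bytes to image and CSS parsers. The tag table and the sample message are constructed for the example.

```python
from html.parser import HTMLParser
import re
from urllib.parse import urlparse

# Tag/attribute pairs that make an HTML renderer issue a network request.
FETCHING_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "link": ("href",),
    "object": ("data",), "embed": ("src",), "video": ("src", "poster"),
    "audio": ("src",), "source": ("src",),
}
# url(...) inside inline style attributes (CSS background images and the like).
CSS_URL = re.compile(r"""url\(\s*['"]?([^'")]+)['"]?\s*\)""", re.I)

def _is_remote(url):
    # Only network schemes count; cid:/data: references stay inside the message.
    return urlparse(url.strip()).scheme.lower() in ("http", "https")

class _RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, attribute, url) in document order
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCHING_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if value and _is_remote(value):
                self.refs.append((tag, name, value.strip()))
        for url in CSS_URL.findall(attrs.get("style") or ""):
            if _is_remote(url):
                self.refs.append((tag, "style", url.strip()))

def remote_resources(html):
    """Return every remote (http/https) resource the HTML would fetch."""
    parser = _RemoteRefs()
    parser.feed(html)
    return parser.refs

def remote_hosts(html):
    """Distinct hosts contacted, i.e. who learns that the mail was opened."""
    return sorted({urlparse(url).hostname for _, _, url in remote_resources(html)})

# Constructed sample: a tracking pixel, an inline cid: image that needs no network
# access, an inline CSS background and a remote stylesheet.
SAMPLE_HTML = """<html><body><p>Hello</p>
<img src="https://tracker.example/pixel.gif?id=123" width="1" height="1">
<img src="cid:logo@local">
<div style="background:url(https://cdn.example/bg.png)"></div>
<link rel="stylesheet" href="https://cdn.example/mail.css">
</body></html>"""
```

Running `remote_resources(SAMPLE_HTML)` reports the pixel, the CSS background and the stylesheet but not the `cid:` image, which a client can render without touching the network.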