From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: "Ludwig, Mark" Newsgroups: gmane.emacs.help Subject: RE: CVE-2017-14482 - Red Hat Customer Portal Date: Mon, 25 Sep 2017 22:08:28 +0000 Message-ID: References: <2e991bb7-c570-49ce-be94-3654945bb4b5@mousecar.com> <87d16jxjz6.fsf@eps142.cdf.udc.es> <861smzcgx3.fsf@zoho.com> <1b3bec6e-d4d5-37a7-ba54-49bd2d8281bd@yandex.com> <87377dtw33.fsf@qcore> <83zi9la78x.fsf@gnu.org> <9uvak9ib98.fsf@fencepost.gnu.org> <83poah9v5c.fsf@gnu.org> <83fubcajtg.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1506397448 9866 195.159.176.226 (26 Sep 2017 03:44:08 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Tue, 26 Sep 2017 03:44:08 +0000 (UTC) Cc: "help-gnu-emacs@gnu.org" To: Glenn Morris , Eli Zaretskii Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Tue Sep 26 05:44:03 2017 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dwgmx-0002Fb-IZ for geh-help-gnu-emacs@m.gmane.org; Tue, 26 Sep 2017 05:44:03 +0200 Original-Received: from localhost ([::1]:45428 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dwgn4-0008RH-Tv for geh-help-gnu-emacs@m.gmane.org; Mon, 25 Sep 2017 23:44:10 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33469) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dwbsm-00046u-Dq for help-gnu-emacs@gnu.org; Mon, 25 Sep 2017 18:29:45 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dwbsl-0002X8-Lr for help-gnu-emacs@gnu.org; Mon, 25 Sep 2017 18:29:44 -0400 Original-Received: from usslmhub002.ugs.com ([134.244.32.85]:12540 helo=ugs.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dwbsg-0002RE-Pn; Mon, 25 Sep 2017 18:29:38 -0400 Original-Received: from USSLMMBX004.net.plm.eds.com ([fe80::7864:6641:bb55:eb3b]) by USSLMHUB002.net.plm.eds.com ([134.244.32.85]) with mapi id 14.03.0361.001; Mon, 25 Sep 2017 17:08:30 -0500 Thread-Topic: CVE-2017-14482 - Red Hat Customer Portal Thread-Index: AQHTNkT8GNmjlh/lvkCWpFUrvw7rbKLGJ/Kw In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [146.122.71.14] x-tm-as-product-ver: SMEX-12.0.0.1727-8.100.1062-23350.004 x-tm-as-result: No--24.249100-0.000000-31 x-tm-as-matchedid: 1-150567-701625-704425-700685-700755-139010-700075-110462 -704496-710019-186104-704689-703788-702666-705837-847575-702020-106230-7007 81-711331-701632-706977-303277-703835-188019-148004-148133-42000-42003-63 x-tm-as-user-approved-sender: Yes x-tm-as-user-blocked-sender: No X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy] X-Received-From: 134.244.32.85 X-Mailman-Approved-At: Mon, 25 Sep 2017 23:42:08 -0400 X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.org gmane.emacs.help:114405 Archived-At: > From Glenn Morris, Monday, September 25, 2017 4:27 PM >=20 > Eli Zaretskii wrote: >=20 > > A file whose source you don't trust or are unfamiliar with should > > initially be examined with find-file-literally, if your security is > > indeed important for you. That emulates what most other text editors > > do when you open a file. >=20 > Wow. I find this an extraordinary statement. For example, it means > that "emacs [-Q] somefile" could eg happily delete your home directory. > Please reconsider. It is an unhappy reality, but this is no different from other sophisticated file formats. Consider the wisdom of "firefox foo.html" where=20 you do not know what is in foo.html. You may /think/ you just want to=20 "view" what is in foo.html....