From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.bugs Subject: bug#24489: efaq: security risks Date: Fri, 23 Sep 2016 16:38:56 -0400 Message-ID: References: <7ca8f2ur15.fsf@fencepost.gnu.org> <7ca8f2ur15.fsf@fencepost.gnu.org> <87y42kciee.fsf_-_@lifelogs.com> Reply-To: rms@gnu.org NNTP-Posting-Host: blaine.gmane.org Content-Type: text/plain; charset=Utf-8 X-Trace: blaine.gmane.org 1474663221 2074 195.159.176.226 (23 Sep 2016 20:40:21 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 23 Sep 2016 20:40:21 +0000 (UTC) Cc: larsi@gnus.org, 24489@debbugs.gnu.org To: Ted Zlatanov Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Sep 23 22:40:17 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bnXGa-0008Kd-Ah for geb-bug-gnu-emacs@m.gmane.org; Fri, 23 Sep 2016 22:40:16 +0200 Original-Received: from localhost ([::1]:51169 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bnXGY-0004Ev-Nq for geb-bug-gnu-emacs@m.gmane.org; Fri, 23 Sep 2016 16:40:14 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42289) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bnXGO-0004BZ-4V for bug-gnu-emacs@gnu.org; Fri, 23 Sep 2016 16:40:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bnXGM-0001zp-4x for bug-gnu-emacs@gnu.org; Fri, 23 Sep 2016 16:40:03 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:55770) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bnXGM-0001zc-1h for bug-gnu-emacs@gnu.org; Fri, 23 Sep 2016 16:40:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1bnXGL-0002gy-Ri for bug-gnu-emacs@gnu.org; Fri, 23 Sep 2016 16:40:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Richard Stallman Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 23 Sep 2016 20:40:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 24489 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 24489-submit@debbugs.gnu.org id=B24489.147466316210289 (code B ref 24489); Fri, 23 Sep 2016 20:40:01 +0000 Original-Received: (at 24489) by debbugs.gnu.org; 23 Sep 2016 20:39:22 +0000 Original-Received: from localhost ([127.0.0.1]:33727 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bnXFi-0002ft-8t for submit@debbugs.gnu.org; Fri, 23 Sep 2016 16:39:22 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:50099) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bnXFg-0002fh-TA for 24489@debbugs.gnu.org; Fri, 23 Sep 2016 16:39:21 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bnXFa-0000cG-Mo for 24489@debbugs.gnu.org; Fri, 23 Sep 2016 16:39:15 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:54488) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bnXFK-0000KP-HE; Fri, 23 Sep 2016 16:38:58 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82) (envelope-from ) id 1bnXFI-0005ex-Io; Fri, 23 Sep 2016 16:38:56 -0400 In-reply-to: <87y42kciee.fsf_-_@lifelogs.com> (message from Ted Zlatanov on Thu, 22 Sep 2016 06:56:25 -0400) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:123613 Archived-At: [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > Images and other resources can carry constructed data and be used as an > execution backdoor through browser or library bugs. The following don't > necessarily apply to Emacs, they are just examples of the variety and > severity of these attacks, which have risen in popularity as direct code > injection has become harder: It is no use telling people, "Be afraid of browsing." If we can't give any advice more specific than that, it would be a useless annoyance. -- Dr Richard Stallman President, Free Software Foundation (gnu.org, fsf.org) Internet Hall-of-Famer (internethalloffame.org) Skype: No way! See stallman.org/skype.html.