From: Max Nikulin
Newsgroups: gmane.emacs.devel
Subject: Re: Reproducers for recent Emacs security issues
Date: Mon, 15 Apr 2024 18:20:12 +0700
To: Sean Whitton, Ihor Radchenko
Cc: emacs-devel@gnu.org, team@security.debian.org
In-Reply-To: <87y19fdklq.fsf@melete.silentflame.com>
User-Agent: Mozilla Thunderbird
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------8AXjukABXHAihcnm7fxMvmkZ"

This is a multi-part message in MIME format.
--------------8AXjukABXHAihcnm7fxMvmkZ
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 15/04/2024 16:46, Sean Whitton wrote:
>
> emacs -q
> M-x gnus-no-server
> Gf ~/tmp/mbox-with-the-msgs.mbox
> RET

I am not a Gnus user, but this time I have tried it. I have realized
that if there is a text/x-org attachment, even a purely innocent one,
then it is enough to have the following in the text/plain *body* to
trigger an attempt to download a remote file:

#+setupfile: http://localhost:8000/setup-1234567890.org

It happens when I open the message; the attachment remains closed.

I expect that the message body should not affect attachment preview.

Emacs-28.2

--------------8AXjukABXHAihcnm7fxMvmkZ
Content-Type: text/org; charset=UTF-8; name="innocent.org"
Content-Disposition: attachment; filename="innocent.org"
Content-Transfer-Encoding: base64

SW5ub2NlbnQK
--------------8AXjukABXHAihcnm7fxMvmkZ
Content-Type: text/x-org; charset=UTF-8; name="innocent-x.org"
Content-Disposition: attachment; filename="innocent-x.org"
Content-Transfer-Encoding: base64

SW5ub2NlbnQK
--------------8AXjukABXHAihcnm7fxMvmkZ--
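
A defensive triage check for the condition reported in this message, added here as an example that is not part of the original post or of Emacs: it flags a mail that carries a text/x-org or text/org part together with a remote `#+setupfile:` line in any text part. The function name, the regex and the sample message are constructed for illustration; scanning the Org parts as well as the body goes slightly beyond the body-only case reported above.

```python
import re
from email import message_from_bytes, policy

# MIME types an Org-aware mail reader may hand to Org mode for preview.
ORG_TYPES = {"text/x-org", "text/org"}
# "#+SETUPFILE: <url>" keyword line (keywords are case-insensitive).
# Only http(s) URLs are matched in this sketch.
SETUPFILE_RE = re.compile(r"^[ \t]*#\+setupfile:[ \t]*(https?://\S+)", re.I | re.M)

def remote_setupfile_hits(raw: bytes):
    """Return [(content_type, url)] for remote #+SETUPFILE lines in any text
    part, but only if the message also carries an Org-typed part."""
    msg = message_from_bytes(raw, policy=policy.default)
    has_org_part, hits = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        has_org_part = has_org_part or ctype in ORG_TYPES
        if part.get_content_maintype() == "text":
            try:
                text = part.get_content()  # undoes base64/QP and the charset
            except LookupError:            # unknown charset label
                text = part.get_payload(decode=True).decode("utf-8", "replace")
            hits += [(ctype, url) for url in SETUPFILE_RE.findall(text)]
    return hits if has_org_part else []

# Constructed sample modelled on the message above (address is a placeholder).
SAMPLE = b"""\
From: sender@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset=UTF-8

#+setupfile: http://localhost:8000/setup-1234567890.org

--b1
Content-Type: text/x-org; charset=UTF-8; name="innocent-x.org"
Content-Disposition: attachment; filename="innocent-x.org"
Content-Transfer-Encoding: base64

SW5ub2NlbnQK
--b1--
"""

if __name__ == "__main__":
    for ctype, url in remote_setupfile_hits(SAMPLE):
        print(f"remote setupfile in {ctype} part: {url}")
```
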