[From nobody Fri May 9 19:09:57 2008 >From steve@turnbull.sk.tsukuba.ac.jp Sat May 10 07:23:22 2008 X-VM-v5-Data: ([nil nil nil nil nil nil nil nil nil] ["1358" "Saturday" "10" "May" "2008" "00:44:44" "+0300" "Eli Zaretskii" "eliz@gnu.org" "<u3aorm9tf.fsf@gnu.org>" "48" "[mwelinder@gmail.com: Emacs security bug]" "^Sender:" "emacs-devel@gnu.org" "emacs-devel@gnu.org" "5" "2008051006:44:44" "[mwelinder@gmail.com: Emacs security bug]" nil nil nil nil nil nil nil nil] nil) Return-Path: <steve@turnbull.sk.tsukuba.ac.jp> X-Original-To: steve@uwakimon.sk.tsukuba.ac.jp Delivered-To: steve@uwakimon.sk.tsukuba.ac.jp Received: from turnbull.sk.tsukuba.ac.jp (turnbull.sk.tsukuba.ac.jp [130.158.99.4]) by uwakimon.sk.tsukuba.ac.jp (Postfix) with ESMTP id 292A21A25C2 for <steve@uwakimon.sk.tsukuba.ac.jp>; Sat, 10 May 2008 07:23:22 +0900 (JST) Received: from steve by turnbull.sk.tsukuba.ac.jp with local (Exim 4.63) (envelope-from <steve@turnbull.sk.tsukuba.ac.jp>) id 1Juaoz-0000Qe-J6 for steve@uwakimon.sk.tsukuba.ac.jp; Sat, 10 May 2008 07:12:10 +0900 Received: from localhost ([127.0.0.1] helo=turnbull.sk.tsukuba.ac.jp ident=steve) by turnbull.sk.tsukuba.ac.jp with esmtp (Exim 4.63) (envelope-from <emacs-devel-bounces+stephen=xemacs.org@gnu.org>) id 1Juaos-0000Pe-Oa for steve@localhost; Sat, 10 May 2008 07:12:02 +0900 X-Original-To: turnbull@sk.tsukuba.ac.jp Delivered-To: turnbull@sk.tsukuba.ac.jp Received: from shako.sk.tsukuba.ac.jp [130.158.97.253] by turnbull.sk.tsukuba.ac.jp with POP3 (fetchmail-6.3.4) for <steve@localhost> (single-drop); Sat, 10 May 2008 07:12:02 +0900 (JST) Received: from imss01.cc.tsukuba.ac.jp (imss01.cc.tsukuba.ac.jp [130.158.254.150]) by mngs02.sk.tsukuba.ac.jp (Postfix) with ESMTP id D2BDB4CED for <turnbull@sk.tsukuba.ac.jp>; Sat, 10 May 2008 06:46:23 +0900 (JST) Received: from imss01.cc.tsukuba.ac.jp (imss01.cc.tsukuba.ac.jp [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 6CB702800D for <turnbull@sk.tsukuba.ac.jp>; Sat, 10 May 2008 06:46:25 +0900 (JST) Received-SPF: softfail (imss01.cc.tsukuba.ac.jp: transitioning domain of gnu.org does not designate 207.172.156.132 as permitted sender) client-ip=207.172.156.132; envelope-from=emacs-devel-bounces+stephen=xemacs.org@gnu.org; helo=gwyn.tux.org; Received: from gwyn.tux.org (gwyn.tux.org [207.172.156.132]) by imss01.cc.tsukuba.ac.jp (Postfix) with ESMTP id 0209D28003 for <turnbull@sk.tsukuba.ac.jp>; Sat, 10 May 2008 06:46:24 +0900 (JST) Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) by gwyn.tux.org (8.12.11/8.12.11) with ESMTP id m49LkMZw007796 for <stephen@xemacs.org>; Fri, 9 May 2008 17:46:23 -0400 Received: from localhost ([127.0.0.1]:36105 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JuaQ2-0008Ht-Nk for stephen@xemacs.org; Fri, 09 May 2008 17:46:22 -0400 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1JuaPo-0008G9-Op for emacs-devel@gnu.org; Fri, 09 May 2008 17:46:08 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1JuaPo-0008FG-2U for emacs-devel@gnu.org; Fri, 09 May 2008 17:46:08 -0400 Received: from [199.232.76.173] (port=53257 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1JuaPn-0008F9-V6 for emacs-devel@gnu.org; Fri, 09 May 2008 17:46:07 -0400 Received: from mtaout6.012.net.il ([84.95.2.16]:50231) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from <eliz@gnu.org>) id 1JuaPn-0004rI-K3 for emacs-devel@gnu.org; Fri, 09 May 2008 17:46:07 -0400 Received: from HOME-C4E4A596F7 ([83.130.255.47]) by i-mtaout6.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0K0M0029FFQM57A0@i-mtaout6.012.net.il> for emacs-devel@gnu.org; Sat, 10 May 2008 00:59:10 +0300 (IDT) X-012-Sender: halo1@inter.net.il X-detected-kernel: by monty-python.gnu.org: Solaris 10 (1203?) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eli Zaretskii <eliz@gnu.org> List-Id: "Emacs development discussions." <emacs-devel.gnu.org> List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>, <mailto:emacs-devel-request@gnu.org?subject=unsubscribe> List-Archive: <http://lists.gnu.org/pipermail/emacs-devel> List-Post: <mailto:emacs-devel@gnu.org> List-Help: <mailto:emacs-devel-request@gnu.org?subject=help> List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>, <mailto:emacs-devel-request@gnu.org?subject=subscribe> Errors-To: emacs-devel-bounces+stephen=xemacs.org@gnu.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-1.6 (gwyn.tux.org [207.172.156.133]); Fri, 09 May 2008 17:46:23 -0400 (EDT) X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on gwyn.tux.org X-Virus-Status: Clean Sender: emacs-devel-bounces+stephen=xemacs.org@gnu.org Message-id: <u3aorm9tf.fsf@gnu.org> From: Eli Zaretskii <eliz@gnu.org> To: emacs-devel@gnu.org Subject: [mwelinder@gmail.com: Emacs security bug] Date: Sat, 10 May 2008 00:44:44 +0300 ------- Start of forwarded message ------- X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.0 Date: Fri, 9 May 2008 12:45:25 -0400 From: "Morten Welinder" <mwelinder@gmail.com> To: eliz@gnu.org Subject: Emacs security bug Hi there, it's been a while or two -- DJGPP was hot, new technology when we last spoke,:-) It's unclear to me where to send Emacs security concerns, so I am sending this one to you. Please forward appropriately. 1. Create .emacs with contents (global-font-lock-mode t) (seq font-lock-support-mode 'fast-lock-mode) 2. Create foo.c with contents /* Nothing to see here */ 3. Create foo.c.flc with contents (message "Something to see here!") 4. Start Emacs and load foo.c - --> Observe that code from foo.c.flc is run. Not good. (This is with Emacs 21.3.1; XEmacs is also affected, although step 1 needs to be adjusted.) Suggestions: a. Remove "." from fast-lock-cache-directories. Littering little files everywhere is not a good idea anyway. b. Don't use load to handle the .flc file. Instead read it into a buffer and read one s-expression at a time and verify that it is sane before evaluating it. c. Don't use files owned by anyone else. This cannot stand alone, though, as it has a race condition. Morten Welinder ------- End of forwarded message ------- ]