bug#66390: `man' allows to inject arbitrary shell code

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#66390: `man' allows to inject arbitrary shell code

From:	Max Nikulin
Subject:	bug#66390: `man' allows to inject arbitrary shell code
Date:	Wed, 11 Oct 2023 17:56:11 +0700
User-agent:	Mozilla Thunderbird

On 10/10/2023 18:56, Richard Stallman wrote:

In general, that is a reasonable policy -- but maybe a serious securityproblem, which this eesms to be, calls for special treatment.

I would not consider this particular issue as a serious security problemdespite if reported as a CVE it may get high score. However, I believe,it should be addressed.


ol-man is not loaded by default.

Enough features for Org mode are convenient in case of trusted files,but close to dangerous when a user walks through a malicious file. Thereare some issues that requires significant amount of efforts to fixwithout ruining usability.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#66390: `man' allows to inject arbitrary shell code, (continued)

Prev by Date: bug#66390: `man' allows to inject arbitrary shell code
Next by Date: bug#66416: 29.1; Crashes when visiting HELLO file with pgtk on Wayland
Previous by thread: bug#66390: `man' allows to inject arbitrary shell code
Next by thread: bug#66390: `man' allows to inject arbitrary shell code
Index(es):
- Date
- Thread