Re: CVE-2017-14482 - Red Hat Customer Portal
From: Philipp Stephani
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Tue, 26 Sep 2017 17:46:10 +0000
Ludwig, Mark <ludwig.mark@siemens.com> wrote on Tue, 26 Sep 2017 at 05:44:
> > From Glenn Morris, Monday, September 25, 2017 4:27 PM
> >
> > Eli Zaretskii wrote:
> >
> > > A file whose source you don't trust or are unfamiliar with should
> > > initially be examined with find-file-literally, if your security is
> > > indeed important for you. That emulates what most other text editors
> > > do when you open a file.
> >
> > Wow. I find this an extraordinary statement. For example, it means
> > that "emacs [-Q] somefile" could e.g. happily delete your home directory.
> > Please reconsider.
>
> It is an unhappy reality, but this is no different from other sophisticated
> file formats. Consider the wisdom of "firefox foo.html" where
> you do not know what is in foo.html. You may /think/ you just want to
> "view" what is in foo.html....
>
>
>
Viewing an HTML document will never run arbitrary code, let alone delete
the user's home directory. Unlike Emacs, browsers have pretty good
sandboxes.