emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#44018: closed (Don't consider play-sound-file to be a 'safe' functio

From: GNU bug Tracking System
Subject: bug#44018: closed (Don't consider play-sound-file to be a 'safe' function)
Date: Mon, 26 Oct 2020 16:33:02 +0000 
Your message dated Mon, 26 Oct 2020 17:32:26 +0100
with message-id 
<CADwFkmkD4eboBf-8XOoDDa+cPbrGvisEmJv-0hLMAggNu=HJTw@mail.gmail.com>
and subject line Re: bug#44018: Don't consider play-sound-file to be a 'safe' 
function
has caused the debbugs.gnu.org bug report #44018,
regarding Don't consider play-sound-file to be a 'safe' function
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
44018: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=44018
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
--- Begin Message --- Subject: Don't consider play-sound-file to be a 'safe' function Date: Thu, 15 Oct 2020 18:55:26 +0200 
We should remove play-sound-file from the list of 'safe' functions in 
unsafep.el.
The risks outweigh the benefits here; this is just basic security engineering.
The attack surface of play-sound-file is considerable.

--- End Message ---
--- Begin Message --- Subject: Re: bug#44018: Don't consider play-sound-file to be a 'safe' function Date: Mon, 26 Oct 2020 17:32:26 +0100 
Mattias EngdegÄrd <mattiase@acm.org> writes:

> Given Lars's approval and the lack of further objections, I'm removing 
> play-sound-file from the list of safe functions in unsafep.el.

FWIW, I agree with this change.  There have been many vulnerabilities
in this area, for example in the Linux kernel drivers.  Who knows what
else is out there.

See, for example:
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=linux+audio&search_type=all

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]