Re: Avoiding arbitrary code execution with macroexpansion

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Avoiding arbitrary code execution with macroexpansion

From:	Paul Eggert
Subject:	Re: Avoiding arbitrary code execution with macroexpansion
Date:	Thu, 16 Aug 2018 13:52:37 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

Wilfred Hughes wrote:

This means that I can get arbitrary code execution by you opening and
calling code completion a maliciously crafted elisp file!

Is this a security bug in Emacs?

Sounds like it. I suggest constructing a complete, self-contained and hopefullyeasy way to reproduce the problem with emacs -Q, and sending it in a bug reportto address@hidden Thanks.

[Prev in Thread]

Current Thread

[Next in Thread]

Avoiding arbitrary code execution with macroexpansion, Wilfred Hughes, 2018/08/15
- Re: Avoiding arbitrary code execution with macroexpansion, Paul Eggert <=
- Re: Avoiding arbitrary code execution with macroexpansion, Richard Stallman, 2018/08/19
  - Re: Avoiding arbitrary code execution with macroexpansion, Wilfred Hughes, 2018/08/21
    - Re: Avoiding arbitrary code execution with macroexpansion, Richard Stallman, 2018/08/22

Prev by Date: Re: Merging bignum to master
Next by Date: Re: New warnings on emacs-26 branch with gcc 8.2.0
Previous by thread: Avoiding arbitrary code execution with macroexpansion
Next by thread: Re: Avoiding arbitrary code execution with macroexpansion
Index(es):
- Date
- Thread