[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
|
From: |
Stefan Kangas |
|
Subject: |
Re: bug#37656: 27.0.50; Arbitrary code execution with special `mode:' |
|
Date: |
Wed, 16 Oct 2019 00:27:18 +0200 |
adam plaice <address@hidden> writes:
> Since the bug allows an attacker to execute arbitrary code if the
> victim opens a payload file, and hence opening any file from an
> untrusted source becomes dangerous, it seems to be rather
> serious.
Thanks for raising this here. I agree that this is serious, and we
should treat it accordingly.
The below patch seems to fix it by disabling the feature it exploits.
A workaround is to add this to your init file:
(setq enable-local-variables nil)
Best regards,
Stefan Kangas
diff --git a/lisp/files.el b/lisp/files.el
index 40807617fa..550227b21a 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -3068,7 +3068,7 @@ set-auto-mode
(if (save-excursion (search-forward ":" end t))
;; Find all specifications for the `mode:' variable
;; and execute them left to right.
- (while (let ((case-fold-search t))
+ (when (let ((case-fold-search t))
(or (and (looking-at "mode:")
(goto-char (match-end 0)))
(re-search-forward "[ \t;]mode:" end t)))