Re: Emacs Arbitrary Code Execution and How to Avoid It

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs Arbitrary Code Execution and How to Avoid It

From:	Jean Louis
Subject:	Re: Emacs Arbitrary Code Execution and How to Avoid It
Date:	Wed, 4 Dec 2024 12:39:00 +0300
User-agent:	Mutt/2.2.12 (2023-09-09)

* Christopher Howard <christopher@librehacker.com> [2024-12-03 20:56]:
> Hi, I read the interesting write up here:
> 
> https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
> 
> I wasn't terribly worried about this, as I don't *automatically* activate 
> Flymake or Flycheck. But the article did mention that "code completion runs 
> arbitrary code", and I was wondering more about that. I do not currently use 
> Completion Preview mode. I have used Company in the past but company-mode is 
> not currently activated. So, if I am just viewing an elisp file, i.e., not 
> typing anything it in, nor running dabbrev commands, is there any danger? 
> Should I setup Emacs to, by default, open all elisp files in View Mode?
> 
> Regarding dabbrev, I know dabbrev can search all buffers but I don't know if 
> it does any macro expansion.
> 
> I was going to e-mail the author of the post, but cloudflare won't let me see 
> his e-mail address.

In every programming language it is possible to obscure the code and execute 
arbitrary code.

I do not see it as special security issue, it is common, known.

-- 
Jean Louis

[Prev in Thread]

Current Thread

[Next in Thread]

Emacs Arbitrary Code Execution and How to Avoid It, Christopher Howard, 2024/12/03
- Re: Emacs Arbitrary Code Execution and How to Avoid It, Gerd Möllmann, 2024/12/03
  - Re: Emacs Arbitrary Code Execution and How to Avoid It, Eshel Yaron, 2024/12/03
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Richard Stallman, 2024/12/08
  - Re: Emacs Arbitrary Code Execution and How to Avoid It, Richard Stallman, 2024/12/05
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Eli Zaretskii, 2024/12/06
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Richard Stallman, 2024/12/08
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Eli Zaretskii, 2024/12/09
- Re: Emacs Arbitrary Code Execution and How to Avoid It, Jean Louis <=
  - Re: Emacs Arbitrary Code Execution and How to Avoid It, Steven Allen, 2024/12/04
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Jean Louis, 2024/12/04
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Christopher Howard, 2024/12/04
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Richard Stallman, 2024/12/06
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Daniel Radetsky, 2024/12/10
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Eshel Yaron, 2024/12/11
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Jean Louis, 2024/12/11
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Daniel Radetsky, 2024/12/11
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, Jean Louis, 2024/12/11
    - Re: Emacs Arbitrary Code Execution and How to Avoid It, tomas, 2024/12/11

Prev by Date: Re: Introducing Master of Ceremonies, a package for presentations
Next by Date: Re: [ELPA] New package c-intro-and-ref -- was Re: Proposal: Include C Manual from RMS in Emacs git, and/or release
Previous by thread: Re: Emacs Arbitrary Code Execution and How to Avoid It
Next by thread: Re: Emacs Arbitrary Code Execution and How to Avoid It
Index(es):
- Date
- Thread