Package: emacs21
Version: 21.2-1
Severity: grave
Justification: user security hole
Hi.
In December 2002[sic!], Georgi Guninski <email address hidden> writes in
<email address hidden>:
> Attached file demonstrates GNU Emacs 21.2.1 starting process if a text file is
> opened. Just open it with emacs and check for processes "yes".
>
> I suggest disabling local variables by default, because probably there are
> similar bugs of the same nature.
You can view the thread for example at Google Groups:
http://groups-beta.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1
The same url in Quoted Printable, in case it got mangled somehow en
route (run it thru recode /qp..):
http://groups-beta.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1=
b2fdae321?hl=3Den&lr=3D&ie=3DUTF-8&oe=3DUTF-8&rnum=3D1&prev=3D/groups%3Fq%3=
Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmail=
man.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1
Georgi's file is enclosed verbatim.
I just tried it with emacs in Woody and indeed, the yes processes
started to spawn at a fast pace. I went even a bit further and found
out that the execution is not sandboxed in any way, as I was able to
execute a script that writes out a script in my home directory, chmod +x
it, and runs it in turn.
In the above thread, it's mentioned another security bug was found
earlier that week, so please take a look at it.
Cheers,
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux kontryhel 2.4.28-jan #2 Sat Nov 27 02:52:26 GMT 2004 i686
Locale: LANG=C, LC_CTYPE=cs_CZ.ISO-8859-2
Versions of packages emacs21 depends on:
ii dpkg 1.9.21 Package maintenance system for Deb
ii emacsen-common 1.4.15 Common facilities for all emacsen.
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii libjpeg62 6b-5 The Independent JPEG Group's JPEG
ii liblockfile1 1.03 NFS-safe locking library, includes
ii libncurses5 5.2.20020112a-7 Shared libraries for terminal hand
ii libpng2 1.0.12-3.woody.9 PNG library - runtime
ii libtiff3g 3.5.5-6woody1 Tag Image File Format library
ii xaw3dg 1.5-13 Xaw3d widget set
ii xlibs 4.1.0-16woody5 X Window System client libraries
ii zlib1g 1:1.1.4-1.0woody0 compression library - runtime
--
)^o-o^| jabber: <email address hidden>
| .v K e-mail: jjminar FastMail FM
` - .' phone: +44(0)7981 738 696
\ __/Jan icq: 345 355 493
__|o|__Minář irc: <email address hidden>
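
As an added illustration (not part of the original report, and not Emacs code), this Python sketch lists the file-local variable declarations a file carries, so they can be inspected before the file is opened in Emacs. It follows a simplified reading of the Emacs rules (a `-*- ... -*-` cookie on the first line, and a `Local Variables:` block within the last 3000 characters); the `BENIGN` allow-list, the function names and the sample text are assumptions made for the example.

```python
import re

TAIL_CHARS = 3000  # the trailing block is only looked for near the end of the file
# Assumed allow-list for this example; every other name is reported for review.
BENIGN = {"mode", "coding", "fill-column", "tab-width", "indent-tabs-mode"}

def _pair(text):
    """Split 'name: value' into a (name, value) tuple, or None if there is no colon."""
    name, sep, value = text.partition(":")
    return (name.strip().lower(), value.strip()) if sep and name.strip() else None

def cookie_vars(text):
    """Declarations in a '-*- ... -*-' cookie on line 1 (line 2 after a '#!' line)."""
    lines = text.split("\n", 2)
    head = lines[1] if lines[0].startswith("#!") and len(lines) > 1 else lines[0]
    m = re.search(r"-\*-(.*?)-\*-", head)
    body = m.group(1).strip() if m else ""
    if body and ":" not in body:          # '-*- text -*-' is shorthand for a mode
        return [("mode", body.lower())]
    return [p for p in map(_pair, body.split(";")) if p]

def block_vars(text):
    """Declarations in a 'Local Variables:' ... 'End:' block in the file's tail."""
    tail = text[-TAIL_CHARS:]
    start = re.search(r"^(.*?)Local Variables:(.*)$", tail, re.I | re.M)
    if not start:
        return []
    prefix, suffix = start.group(1), start.group(2).rstrip()
    found = []
    for line in tail[start.end():].splitlines():
        line = line[len(prefix):] if line.startswith(prefix) else line
        line = line[:-len(suffix)] if suffix and line.endswith(suffix) else line
        if line.strip().lower() == "end:":
            break
        if (pair := _pair(line)):
            found.append(pair)
    return found

def scan(text):
    """Return (name, value, verdict) for each file-local declaration found."""
    return [(n, v, "code" if n == "eval" else "ok" if n in BENIGN else "review")
            for n, v in cookie_vars(text) + block_vars(text)]

SAMPLE = (  # constructed input, not the file attached to the report
    "# -*- mode: text; fill-column: 72 -*-\nMeeting notes\n\n"
    ";; Local Variables:\n;; tab-width: 4\n;; eval: (message \"hello\")\n;; End:\n"
)
```

In Emacs itself, setting `enable-local-variables` to nil makes it ignore file-local variable settings.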