From unknown Fri Aug 15 20:48:48 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#12155 <12155@debbugs.gnu.org>
To: bug#12155 <12155@debbugs.gnu.org>
Subject: Status: 24.1; Potential Security Flaw with `enable-local-eval',
 `enable-local-variables'
Reply-To: bug#12155 <12155@debbugs.gnu.org>
Date: Sat, 16 Aug 2025 03:48:48 +0000

retitle 12155 24.1; Potential Security Flaw with `enable-local-eval', `enab=
le-local-variables'
reassign 12155 emacs
submitter 12155 Paul Ling <pdling@btinternet.com>
severity 12155 serious
tag 12155 security

thanks


From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 07 11:56:39 2012
Received: (at submit) by debbugs.gnu.org; 7 Aug 2012 15:56:39 +0000
Received: from localhost ([127.0.0.1]:39955 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Sym98-00079a-AD
	for submit@debbugs.gnu.org; Tue, 07 Aug 2012 11:56:38 -0400
Received: from eggs.gnu.org ([208.118.235.92]:41345)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <pdling@btinternet.com>) id 1Sym5p-000740-TW
	for submit@debbugs.gnu.org; Tue, 07 Aug 2012 11:53:15 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pdling@btinternet.com>) id 1Syly5-0001Tg-63
	for submit@debbugs.gnu.org; Tue, 07 Aug 2012 11:45:14 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID,UNPARSEABLE_RELAY autolearn=unavailable version=3.3.2
Received: from lists.gnu.org ([208.118.235.17]:57746)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pdling@btinternet.com>) id 1Syly5-0001Tc-2K
	for submit@debbugs.gnu.org; Tue, 07 Aug 2012 11:45:13 -0400
Received: from eggs.gnu.org ([208.118.235.92]:58334)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pdling@btinternet.com>) id 1Syly3-0003FL-Qz
	for bug-gnu-emacs@gnu.org; Tue, 07 Aug 2012 11:45:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pdling@btinternet.com>) id 1Syly1-0001SS-FF
	for bug-gnu-emacs@gnu.org; Tue, 07 Aug 2012 11:45:11 -0400
Received: from nm8.bullet.mail.ukl.yahoo.com ([217.146.182.249]:46793)
	by eggs.gnu.org with smtp (Exim 4.71)
	(envelope-from <pdling@btinternet.com>) id 1Syly1-0001Rn-4j
	for bug-gnu-emacs@gnu.org; Tue, 07 Aug 2012 11:45:09 -0400
Received: from [217.146.183.182] by nm8.bullet.mail.ukl.yahoo.com with NNFMP;
	07 Aug 2012 15:45:07 -0000
Received: from [217.146.183.203] by tm13.bullet.mail.ukl.yahoo.com with NNFMP;
	07 Aug 2012 15:45:07 -0000
Received: from [127.0.0.1] by omp1001.bt.mail.ukl.yahoo.com with NNFMP;
	07 Aug 2012 15:45:07 -0000
X-Yahoo-Newman-Id: 728400.1084.bm@omp1001.bt.mail.ukl.yahoo.com
Received: (qmail 48916 invoked from network); 7 Aug 2012 15:45:07 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=btinternet.com;
	h=DKIM-Signature:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:From:Content-Type:Content-Transfer-Encoding:Date:Subject:To:Message-Id:Mime-Version:X-Mailer;
	b=H95u8kNbnuN9waGQUeggvjwqbT1mxaMtWF9A54fKvpOa8SIo0KweUXqdmoIYFv1StaYV5lItb1YLT3/csLj++WYRt5BjsH8EHgBXsPV2B96hm6AyqfRmIDwphp6PqhhSOfEjCSz+Mor2k6wyoSmt75/6OORYZbWNoXKZrSZj9IM=
	; 
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btinternet.com; s=s1024;
	t=1344354307; bh=X9NOymLI8V899kchKi/HdGhDYsXiECpdUPqQQySdT10=;
	h=X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:From:Content-Type:Content-Transfer-Encoding:Date:Subject:To:Message-Id:Mime-Version:X-Mailer;
	b=4DRHkwfdg8mU/BR0Y10ntmU37HJX7W/5pqEaaE/WT8DoIStl5dbIq1SAz0b6eIiIyvx09DRWhvz5sL8JXIQVrdfAqeNDzOrKQeXrEvYqz7Kf1zhj+XPCbldv3M5QmXeGCP6bJINQ108OC4wOZecyvlPUAPwrwH9ZlsFBrZCC6jI=
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: LsQiAnoVM1ke1pxVmiCU9tWT7gwTeXS1Pqh82PeVSeys2GG
	LS4tYLctHIVHWj3PbgALt1oIx4H3T.k6U.00fx8hKXouCEhTgAtrq7mGOI.k
	QYo6Mn6QewYG6bqT0ZcU6kayPiB_ddbmG2QI0d4gqpTkVk.gGuDbayBRB1eD
	1B80XemmPiUL7R3nHZ0DC5KdtMzOQusPAVInrqmG8DhQFgd_it.gwnR7CCur
	dYvRS_f6BeWI41T1SG4gyl6PfeMRR.xT_b.OMPNnIlQFrLTsfUePaYqCPp1k
	TnkzF5ZgxfDcgZlpxJei_hSYVoy.SIFNE1ZxIvFh_Vt83bWy2jryekoawkpF
	CwvHG9NuxJ3ENKJ1iRyXeFKAiFNfWTeVvvxhx2TbmgT8CKQOjke0gyFgQUnG
	4VbywXygkuEYKmKQX1orJEnQPxE_UODHGyUMPqC1k5q9t9oM0W_DF4Buh6YU
	IMBDvYj5.ymgC1X0KdyTcHcXOUfBUQ7ktg1ylDA--
X-Yahoo-SMTP: CeWxCFCswBAW7dj5zzaJyPvYFkvHMQNIRWNngsd1PLd0yQ--
Received: from unknown-e0-f8-47-27-88-24.home (pdling@86.139.194.65 with plain)
	by smtp822.mail.ukl.yahoo.com with SMTP; 07 Aug 2012 08:45:07 -0700 PDT
From: Paul Ling <pdling@btinternet.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Tue, 7 Aug 2012 16:45:05 +0100
Subject: 24.1; Potential Security Flaw with `enable-local-eval',
	`enable-local-variables'
To: bug-gnu-emacs@gnu.org
Message-Id: <2E2AB09E-68D5-48FB-AAAC-B447921C6B38@btinternet.com>
Mime-Version: 1.0 (Apple Message framework v1278)
X-Mailer: Apple Mail (2.1278)
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 208.118.235.17
X-Spam-Score: -6.9 (------)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Tue, 07 Aug 2012 11:56:37 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces@debbugs.gnu.org
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
X-Spam-Score: -6.9 (------)

--text follows this line--
This bug report will be sent to the Bug-GNU-Emacs mailing list
and the GNU bug tracker at debbugs.gnu.org.  Please check that
the From: line contains a valid email address.  After a delay of up
to one day, you should receive an acknowledgement at that address.

Please write in English if possible, as the Emacs maintainers
usually do not have translators for other languages.

Please describe exactly what actions triggered the bug, and
the precise symptoms of the bug.  If you can, give a recipe
starting from `emacs -Q':

If Emacs crashed, and you have the Emacs process in the gdb debugger,
please include the output from the following gdb commands:
    `bt full' and `xbacktrace'.
For information about debugging Emacs, please read the file
/Applications/MacPorts/Emacs.app/Contents/Resources/etc/DEBUG.

In GNU Emacs 24.1.1 (x86_64-apple-darwin11.3.0, NS apple-appkit-1138.32)
of 2012-06-15 on gamma.local
Windowing system distributor `Apple', version 10.3.1138
Configured using:
`configure '--prefix=/opt/local' '--with-ns' '--without-x'
'--without-dbus' 'CC=/usr/bin/clang' 'CFLAGS=-pipe -O2 -arch x86_64'
'LDFLAGS=-L/opt/local/lib -arch x86_64'
'CPPFLAGS=-I/opt/local/include''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: nil
  value of $XMODIFIERS: nil
  locale-coding-system: nil
  default enable-multibyte-characters: t

Major mode: Help

Minor modes in effect:
  minibuffer-depth-indicate-mode: t
  delete-selection-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
<help-menu> <send-emacs-bug-report>

Recent messages:
Type "q" to delete help window.
Creating customization items...
Creating customization items ...done
Resetting customization items...done
Creating customization setup...done
To install your edits, invoke [State] and choose the Set operation
Type "q" to delete help window.
Back to top level. [2 times]
Type "q" to delete help window.
Copied 17 characters

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr warnings emacsbug message format-spec
rfc822 mml mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mm-util mail-prsvr mail-utils cus-edit wid-edit pp help-mode hl-line
auctex-autoloads tex-site info package tabulated-list jka-compr mb-depth
linum delsel cua-base cus-start cus-load pdling view tmm electric
dired-x easymenu dired-aux apropos srtmenu poshist ltx-aux dtree dired
regexp-opt pdl-fix-focus advice help-fns advice-preload edmacro kmacro
time-date tooltip ediff-hook vc-hooks lisp-float-type mwheel ns-win
tool-bar dnd fontset image fringe lisp-mode register page menu-bar
rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax
facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak
czech european ethiopic indian cyrillic chinese case-table epa-hook
jka-cmpr-hook help simple abbrev minibuffer loaddefs button faces
cus-face files text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget hashtable-print-readable backquote
make-network-process ns multi-tty emacs)

On setting `enable-local-variables' to `:safe' (set safe local
variables, ignore others) and `enable-local-eval' to `maybe' (the
default, should query `eval:'s in local variables), the `eval:'s seem to
get evaluated without querying the user.  For example, with

;; Local Variabulls:
;; eval: (do-something-nasty)
;; End:

at the end of a file (with Variables in place of Variabulls) on opening
the file `(do-something-nasty)' seems to get evaluated with obvious
security issues.

Hope this is helpful and I'm not missing something obvious,
Paul Ling.




From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 07 12:29:01 2012
Received: (at control) by debbugs.gnu.org; 7 Aug 2012 16:29:01 +0000
Received: from localhost ([127.0.0.1]:40009 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1SymeR-0007xn-Nl
	for submit@debbugs.gnu.org; Tue, 07 Aug 2012 12:29:01 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:56765)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <rgm@gnu.org>) id 1SymeP-0007xg-Kg
	for control@debbugs.gnu.org; Tue, 07 Aug 2012 12:28:58 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
	(envelope-from <rgm@gnu.org>)
	id 1SymWg-0001sM-5r; Tue, 07 Aug 2012 12:20:58 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20513.16490.46334.179389@gnu.org>
Date: Tue, 7 Aug 2012 12:20:58 -0400
From: Glenn Morris <rgm@gnu.org>
To: GNU bug tracker automated control server <control@debbugs.gnu.org>
Subject: control2
X-Attribution: GM
X-Mailer: VM (www.wonderworks.com/vm), GNU Emacs (www.gnu.org/software/emacs)
X-Hue: white
X-Ran: rx`+/2]7kvaeSEk@H$X{+$ml[Pv;Ymy%IJ6hU)'}Z}c{xcy5pE'Gx~EaMRyO:e{VZt*>j$
X-Debbugs-No-Ack: yes
X-Spam-Score: -5.7 (-----)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces@debbugs.gnu.org
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
X-Spam-Score: -5.7 (-----)

found 12155 23.2
found 12155 23.3
found 12155 23.4




From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 07 14:52:40 2012
Received: (at 12155) by debbugs.gnu.org; 7 Aug 2012 18:52:40 +0000
Received: from localhost ([127.0.0.1]:40246 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1SyotU-0003np-3k
	for submit@debbugs.gnu.org; Tue, 07 Aug 2012 14:52:40 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:59758)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <rgm@gnu.org>) id 1SyotQ-0003ne-C4
	for 12155@debbugs.gnu.org; Tue, 07 Aug 2012 14:52:37 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
	(envelope-from <rgm@gnu.org>)
	id 1Syolf-0008Ri-VC; Tue, 07 Aug 2012 14:44:36 -0400
From: Glenn Morris <rgm@gnu.org>
To: Paul Ling <pdling@btinternet.com>
Subject: Re: bug#12155: 24.1; Potential Security Flaw with `enable-local-eval',
	`enable-local-variables'
References: <2E2AB09E-68D5-48FB-AAAC-B447921C6B38@btinternet.com>
X-Spook: military USCOI tempest Juiliett Class Submarine Honduras
X-Ran: hY{OI($@ehTP;o#T2c|*=C(S:dO9_'GOjfG/#%5vt<p0^4r^uF6#'B_huxZ9A?0rCCmqL0
X-Hue: yellow
X-Debbugs-No-Ack: yes
X-Attribution: GM
Date: Tue, 07 Aug 2012 14:44:35 -0400
In-Reply-To: <2E2AB09E-68D5-48FB-AAAC-B447921C6B38@btinternet.com> (Paul
	Ling's message of "Tue, 7 Aug 2012 16:45:05 +0100")
Message-ID: <4uvcgu35kc.fsf@fencepost.gnu.org>
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -6.9 (------)
X-Debbugs-Envelope-To: 12155
Cc: 12155@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces@debbugs.gnu.org
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
X-Spam-Score: -6.9 (------)


Thanks for the report. This issue is present in 23.2, 23.3, 23.4, 24.1,
and the current trunk, but not in 23.1.

I committed this patch to the emacs-24 branch.
I would appreciate it if others could check this.

This issue should also get an entry in test/automated to stop it recurring.

*** lisp/files.el	2012-07-01 16:38:53 +0000
--- lisp/files.el	2012-08-07 18:41:39 +0000
***************
*** 3107,3117 ****
  	      ;; Obey `enable-local-eval'.
  	      ((eq var 'eval)
  	       (when enable-local-eval
! 		 (push elt all-vars)
! 		 (or (eq enable-local-eval t)
! 		     (hack-one-local-variable-eval-safep (eval (quote val)))
! 		     (safe-local-variable-p var val)
! 		     (push elt unsafe-vars))))
  	      ;; Ignore duplicates (except `mode') in the present list.
  	      ((and (assq var all-vars) (not (eq var 'mode))) nil)
  	      ;; Accept known-safe variables.
--- 3107,3122 ----
  	      ;; Obey `enable-local-eval'.
  	      ((eq var 'eval)
  	       (when enable-local-eval
! 		 (let ((safe (or (hack-one-local-variable-eval-safep
! 				  (eval (quote val)))
! 				 ;; In case previously marked safe (bug#5636).
! 				 (safe-local-variable-p var val))))
! 		   ;; If not safe and e-l-v = :safe, ignore totally.
! 		   (when (or safe (not (eq enable-local-variables :safe)))
! 		     (push elt all-vars)
! 		     (or (eq enable-local-eval t)
! 			 safe
! 			 (push elt unsafe-vars))))))
  	      ;; Ignore duplicates (except `mode') in the present list.
  	      ((and (assq var all-vars) (not (eq var 'mode))) nil)
  	      ;; Accept known-safe variables.





From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 08 03:42:09 2012
Received: (at control) by debbugs.gnu.org; 8 Aug 2012 07:42:09 +0000
Received: from localhost ([127.0.0.1]:40989 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Sz0u8-0004bi-P7
	for submit@debbugs.gnu.org; Wed, 08 Aug 2012 03:42:09 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:47576)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <rgm@gnu.org>) id 1Sz0u7-0004bb-CM
	for control@debbugs.gnu.org; Wed, 08 Aug 2012 03:42:07 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
	(envelope-from <rgm@gnu.org>) id 1Sz0mK-0005NM-54
	for control@debbugs.gnu.org; Wed, 08 Aug 2012 03:34:04 -0400
Date: Wed, 08 Aug 2012 03:34:04 -0400
Message-Id: <E1Sz0mK-0005NM-54@fencepost.gnu.org>
Subject: control message for bug 12155
To: <control@debbugs.gnu.org>
X-Mailer: mail (GNU Mailutils 2.1)
From: Glenn Morris <rgm@gnu.org>
X-Spam-Score: -6.9 (------)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces@debbugs.gnu.org
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
X-Spam-Score: -6.9 (------)

fixed 12155 24.2




From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 13 13:04:45 2012
Received: (at control) by debbugs.gnu.org; 13 Aug 2012 17:04:45 +0000
Received: from localhost ([127.0.0.1]:53816 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1T0y4L-0001WT-En
	for submit@debbugs.gnu.org; Mon, 13 Aug 2012 13:04:45 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:53031)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <rgm@gnu.org>) id 1T0y4K-0001WN-J4
	for control@debbugs.gnu.org; Mon, 13 Aug 2012 13:04:44 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
	(envelope-from <rgm@gnu.org>) id 1T0xw3-0006tF-DM
	for control@debbugs.gnu.org; Mon, 13 Aug 2012 12:56:11 -0400
Date: Mon, 13 Aug 2012 12:56:11 -0400
Message-Id: <E1T0xw3-0006tF-DM@fencepost.gnu.org>
Subject: control message for bug 12155
To: <control@debbugs.gnu.org>
X-Mailer: mail (GNU Mailutils 2.1)
From: Glenn Morris <rgm@gnu.org>
X-Spam-Score: -6.9 (------)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces@debbugs.gnu.org
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
X-Spam-Score: -6.9 (------)

close 12155




From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 13 23:25:34 2012
Received: (at 12155) by debbugs.gnu.org; 14 Aug 2012 03:25:34 +0000
Received: from localhost ([127.0.0.1]:54600 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1T17l8-0000aB-8H
	for submit@debbugs.gnu.org; Mon, 13 Aug 2012 23:25:34 -0400
Received: from mail-gh0-f172.google.com ([209.85.160.172]:47561)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <seewhydee@gmail.com>) id 1T17l5-0000a4-K0
	for 12155@debbugs.gnu.org; Mon, 13 Aug 2012 23:25:32 -0400
Received: by ghbg16 with SMTP id g16so4217226ghb.3
	for <12155@debbugs.gnu.org>; Mon, 13 Aug 2012 20:16:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=sender:from:to:subject:date:message-id:user-agent:mime-version
	:content-type:content-disposition:content-transfer-encoding;
	bh=NfZT/Vp5PXu2hKcdyuereQR2VEPp4uxEXCWArVef0mM=;
	b=s6PEtXO9oEk0HSLhtZAOFcG1T/FwyjYDoWwor4Fm9ORSt1iGnFhQpdg1OvIprMw6sM
	DfCkM5zwe86LS5nglE5eL7W9J1TRH/zB30Wy8T4bS5K1bNpA73bXyuNc6cyxLmEygjXq
	E2i21V+BstEevevMXW0X2xqHgn02gFLrX3BrbfNoeU/keV+e1V4TN570ukKAv5Bvks8W
	KJIhsaSkx41e3VxTA+Rziyd9DW66pfsez0DTAhq7TD6RjbOM/XEHLCu/CxPbmNUEfMa9
	Gbq/bDUCw06oSkPpjzW4XF0EGsbTrUq5JZa1pVF5KHTDgZe+3JBYYFwoU5Biqok++LFb
	GxFw==
Received: by 10.50.149.134 with SMTP id ua6mr8869952igb.11.1344914215142;
	Mon, 13 Aug 2012 20:16:55 -0700 (PDT)
Received: from ulysses ([155.69.16.255])
	by mx.google.com with ESMTPS id q1sm18291288igj.15.2012.08.13.20.16.52
	(version=SSLv3 cipher=OTHER); Mon, 13 Aug 2012 20:16:54 -0700 (PDT)
From: Chong Yidong <cyd@gnu.org>
To: 12155@debbugs.gnu.org
Subject: [Kurt Seifried] Re: [oss-security] Security flaw in GNU Emacs
	file-local variables
Date: Tue, 14 Aug 2012 11:16:50 +0800
Message-ID: <87r4rajh7h.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: message/rfc822
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.6 (--)
X-Debbugs-Envelope-To: 12155
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
	<mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Sender: debbugs-submit-bounces@debbugs.gnu.org
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
X-Spam-Score: -2.6 (--)

Delivered-To: seewhydee@gmail.com
Received: by 10.223.171.132 with SMTP id h4csp142692faz;
        Sun, 12 Aug 2012 22:42:42 -0700 (PDT)
Received: by 10.236.72.103 with SMTP id s67mr9548985yhd.78.1344836562071;
        Sun, 12 Aug 2012 22:42:42 -0700 (PDT)
Return-Path: <kseifried@redhat.com>
Received: from fencepost.gnu.org (fencepost.gnu.org. [2001:4830:134:3::e])
        by mx.google.com with ESMTPS id l13si2299943anh.141.2012.08.12.22.42.41
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sun, 12 Aug 2012 22:42:41 -0700 (PDT)
Received-SPF: fail (google.com: domain of kseifried@redhat.com does not designate 2001:4830:134:3::e as permitted sender) client-ip=2001:4830:134:3::e;
Authentication-Results: mx.google.com; spf=hardfail (google.com: domain of kseifried@redhat.com does not designate 2001:4830:134:3::e as permitted sender) smtp.mail=kseifried@redhat.com
Received: from eggs.gnu.org ([208.118.235.92]:37016)
	by fencepost.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71)
	(envelope-from <kseifried@redhat.com>)
	id 1T0nQH-0007XG-6M
	for cyd@gnu.org; Mon, 13 Aug 2012 01:42:41 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kseifried@redhat.com>)
	id 1T0nQF-0004so-Qc
	for cyd@gnu.org; Mon, 13 Aug 2012 01:42:41 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
Received: from mx1.redhat.com ([209.132.183.28]:33700)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kseifried@redhat.com>)
	id 1T0nQF-0004sY-IS
	for cyd@gnu.org; Mon, 13 Aug 2012 01:42:39 -0400
Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id q7D5gbe9029719
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Mon, 13 Aug 2012 01:42:37 -0400
Received: from seif-rht-f16.edm.seifried.org (ovpn-113-25.phx2.redhat.com [10.3.113.25])
	by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id q7D5gaVL003903;
	Mon, 13 Aug 2012 01:42:37 -0400
Message-ID: <502893CC.8090709@redhat.com>
Date: Sun, 12 Aug 2012 23:42:36 -0600
From: Kurt Seifried <kseifried@redhat.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
MIME-Version: 1.0
To: oss-security@lists.openwall.com
CC: Chong Yidong <cyd@gnu.org>
Subject: Re: [oss-security] Security flaw in GNU Emacs file-local variables
References: <87lihjscfo.fsf@gnu.org>
In-Reply-To: <87lihjscfo.fsf@gnu.org>
X-Enigmail-Version: 1.4.3
OpenPGP: id=5E267993
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized.
X-Received-From: 209.132.183.28

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/12/2012 09:22 PM, Chong Yidong wrote:
> Paul Ling has found a security flaw in the file-local variables
> code in GNU Emacs.  We are preparing a new Emacs release to address
> this flaw, and would like to request a CVE.
> 
> When the Emacs user option `enable-local-variables' is set to
> `:safe' (the default value is t), Emacs should automatically refuse
> to evaluate `eval' forms in file-local variable sections.  Due to
> the bug, Emacs instead automatically evaluates such `eval' forms.
> Thus, if the user changes the value of `enable-local-variables' to
> `:safe', visiting a malicious file can cause automatic execution of
> arbitrary Emacs Lisp code with the permissions of the user.
> 
> The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.
> 
> Attached are patches to fix this bug for Emacs 23.4 and Emacs
> 24.1, written by Glenn Morris.  (The 23.4 patch should apply to the
> rest of the Emacs 23.x series.)
> 
> Bug tracker ref:
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155

Please use CVE-2012-3479 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQKJPMAAoJEBYNRVNeJnmTfa8QAMp9laqz/ihbWisZWmHk5kkQ
1afhhPxgSOauIPnuc2myWIP53lu8buJOgXOCo1Tl6fvfjMGu8zWJ3gr3xnqRyYjr
m1EbiUZtrqdlyukvkReU08CVWmW8lXkn6W3znc3S6JQNq+eRxgBXMvcbAtNnJzKA
ri6ApmMIqKZkbV9p8hqyHeNcdCdfi4nrjBr4vff6UX4SM1hqe05P6DOa8FCoRDIj
Wt81d3zUenGwuVyFaRknuqw0dwQ6svwjCpcpsZnEiwjPZG+8IDlo8aCrvuThKh+x
DTcD3Lt8Vr7+6QhAf7a20PDwJvM1KcinkHDQ1qE6ZvmxcdTJmoY0R+2wZqdnX2UZ
f7mlqS8GPxH4V173ypz98eM0IhI/E4ZXSlTHg0vThq33QJ9NNjQ0OuDJhM5fuikF
vY/s2n2TymrEAIjP6CMwZjZfSe56SzcJadR3Pq56H7RD+zSJYJmfasWbK56acjHA
qE5xxvunO7UZPMAsYqUMGIqVCv5EsiDmmoFF/Xtlk98/at8AWfKNt27IGqPU+io3
ShpGjDcptN8yitOPaPcEaAim6ndfObL4LlLozNv85M71oJ7tcDGiVBPaPRIjB0AJ
bXpunXMcEigQlazVy/T4CIv7r2P2ZR64at16t0LKiR4XiTL016rjUkhSuHdPSdU3
FS+YTLukIBYRDIFbbJss
=jFS2
-----END PGP SIGNATURE-----




From unknown Fri Aug 15 20:48:48 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 11 Sep 2012 11:24:04 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator