GNU bug report logs -
#12155
24.1; Potential Security Flaw with `enable-local-eval', `enable-local-variables'
Previous Next
Reported by: Paul Ling <pdling <at> btinternet.com>
Date: Tue, 7 Aug 2012 15:57:01 UTC
Severity: serious
Tags: security
Found in versions 24.1, 23.2, 23.3, 23.4
Fixed in version 24.2
Done: Glenn Morris <rgm <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Thanks for the report. This issue is present in 23.2, 23.3, 23.4, 24.1,
and the current trunk, but not in 23.1.
I committed this patch to the emacs-24 branch.
I would appreciate it if others could check this.
This issue should also get an entry in test/automated to stop it recurring.
*** lisp/files.el 2012-07-01 16:38:53 +0000
--- lisp/files.el 2012-08-07 18:41:39 +0000
***************
*** 3107,3117 ****
;; Obey `enable-local-eval'.
((eq var 'eval)
(when enable-local-eval
! (push elt all-vars)
! (or (eq enable-local-eval t)
! (hack-one-local-variable-eval-safep (eval (quote val)))
! (safe-local-variable-p var val)
! (push elt unsafe-vars))))
;; Ignore duplicates (except `mode') in the present list.
((and (assq var all-vars) (not (eq var 'mode))) nil)
;; Accept known-safe variables.
--- 3107,3122 ----
;; Obey `enable-local-eval'.
((eq var 'eval)
(when enable-local-eval
! (let ((safe (or (hack-one-local-variable-eval-safep
! (eval (quote val)))
! ;; In case previously marked safe (bug#5636).
! (safe-local-variable-p var val))))
! ;; If not safe and e-l-v = :safe, ignore totally.
! (when (or safe (not (eq enable-local-variables :safe)))
! (push elt all-vars)
! (or (eq enable-local-eval t)
! safe
! (push elt unsafe-vars))))))
;; Ignore duplicates (except `mode') in the present list.
((and (assq var all-vars) (not (eq var 'mode))) nil)
;; Accept known-safe variables.
This bug report was last modified 12 years and 341 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.