GNU bug report logs - #12155
24.1; Potential Security Flaw with `enable-local-eval', `enable-local-variables'

Package: emacs;

Reported by: Paul Ling <pdling <at> btinternet.com>

Date: Tue, 7 Aug 2012 15:57:01 UTC

Severity: serious

Tags: security

Found in versions 24.1, 23.2, 23.3, 23.4

Fixed in version 24.2

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.


Message #21 received at 12155 <at> debbugs.gnu.org (full text, mbox):

From: Chong Yidong <cyd <at> gnu.org>
To: 12155 <at> debbugs.gnu.org
Subject: [Kurt Seifried] Re: [oss-security] Security flaw in GNU Emacs
	file-local variables
Date: Tue, 14 Aug 2012 11:16:50 +0800
[Message part 1 (message/rfc822, inline)]
From: Kurt Seifried <kseifried <at> redhat.com>
To: oss-security <at> lists.openwall.com
Cc: Chong Yidong <cyd <at> gnu.org>
Subject: Re: [oss-security] Security flaw in GNU Emacs file-local variables
Date: Sun, 12 Aug 2012 23:42:36 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/12/2012 09:22 PM, Chong Yidong wrote:
> Paul Ling has found a security flaw in the file-local variables
> code in GNU Emacs.  We are preparing a new Emacs release to address
> this flaw, and would like to request a CVE.
> 
> When the Emacs user option `enable-local-variables' is set to
> `:safe' (the default value is t), Emacs should automatically refuse
> to evaluate `eval' forms in file-local variable sections.  Due to
> the bug, Emacs instead automatically evaluates such `eval' forms.
> Thus, if the user changes the value of `enable-local-variables' to
> `:safe', visiting a malicious file can cause automatic execution of
> arbitrary Emacs Lisp code with the permissions of the user.
> 
> The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.
> 
> Attached are patches to fix this bug for Emacs 23.4 and Emacs
> 24.1, written by Glenn Morris.  (The 23.4 patch should apply to the
> rest of the Emacs 23.x series.)
> 
> Bug tracker ref:
> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155

Please use CVE-2012-3479 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
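
A triage aid for the flaw described in the message above, added here as an example (not code from Emacs or from this thread): it lists `eval` entries in a file's local-variables cookie and trailer block so such files can be reviewed before they are visited in an affected Emacs. The function names and the sample text are constructed, and the parser approximates the file-local variables format (a `-*-` cookie on the first line, or the second after `#!`, and a `Local Variables:` block within the last 3000 characters); it never evaluates anything.

```python
import re

TAIL_CHARS = 3000  # Emacs only looks for the trailer block near the end of the file

def _pairs(items):
    """Turn 'name: value' strings into (name, value) tuples, skipping others."""
    split = (item.partition(":") for item in items)
    return [(n.strip().lower(), v.strip()) for n, sep, v in split if sep]

def first_line_vars(text):
    """Variables from a '-*- a: b; c: d -*-' cookie on line 1 (line 2 after '#!')."""
    lines = text.splitlines()[:2]
    if lines and not lines[0].startswith("#!"):
        lines = lines[:1]
    for line in lines:
        m = re.search(r"-\*-(.*?)-\*-", line)
        if m:
            return _pairs(m.group(1).split(";"))
    return []

def trailer_vars(text):
    """Variables from the last 'Local Variables:' ... 'End:' block in the tail."""
    tail = text[-TAIL_CHARS:]
    hits = list(re.finditer(r"^(.*?)Local Variables:(.*)$", tail, re.M | re.I))
    if not hits:
        return []
    prefix, suffix = hits[-1].group(1), hits[-1].group(2).strip()
    bodies = []
    for line in tail[hits[-1].end():].splitlines()[1:]:
        if not line.startswith(prefix):  # block lines share the header's prefix
            break
        body = line[len(prefix):].rstrip()
        if suffix and body.endswith(suffix):
            body = body[:-len(suffix)]
        if body.strip().lower() == "end:":
            break
        bodies.append(body)
    return _pairs(bodies)

def find_eval_forms(text):
    """Return every `eval` value; names are lowercased to err toward flagging."""
    return [v for n, v in first_line_vars(text) + trailer_vars(text) if n == "eval"]

# Constructed sample input (not taken from the bug report).
SAMPLE = (
    "#!/bin/sh\n# -*- mode: sh; eval: (message \"cookie\") -*-\necho hi\n"
    "# Local Variables:\n# eval: (message \"trailer\")\n# fill-column: 72\n# End:\n"
)
if __name__ == "__main__":
    print(find_eval_forms(SAMPLE))
```
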




This bug report was last modified 12 years and 341 days ago.
