GNU bug report logs - #34180
27.0.50; argv[0] used incorrectly to find the .pdmp


Package: emacs

Reported by: Stefan Monnier <monnier <at> IRO.UMontreal.CA>

Date: Wed, 23 Jan 2019 16:09:02 UTC

Severity: important

Tags: security

Found in version 27.0.50

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.


From: Daniel Colascione <dancol <at> dancol.org>
To: Stefan Monnier <monnier <at> IRO.UMontreal.CA>, 34180 <at> debbugs.gnu.org
Subject: bug#34180: 27.0.50; argv[0] used incorrectly to find the .pdmp
Date: Sat, 26 Jan 2019 19:54:29 -0800

On 1/23/19 8:07 AM, Stefan Monnier wrote:
> Package: Emacs
> Version: 27.0.50
> 
> 
> Currently, the first .pdmp file that we try to load is found by adding
> ".pdmp" to argv[0].
> This has 2 problems:
> 
> 1- It fails miserably if argv[0] is a name relative to $PATH since it
>     performs the lookup relative to $PWD instead, which is additionally
>     a security issue.
> 
> 2- If the executable named by argv[0] is a symlink, it does not try to
>     follow the symlink in case the .pdmp is stored next to the
>     destination rather than next to the source.

Yep. We should definitely fix that. realpath on argv[0] seems like the 
right thing.
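
An added example, not Emacs code and not from this thread, of the lookup discussed above: a bare argv[0] is resolved through $PATH rather than $PWD, and realpath then follows symlinks before ".pdmp" is appended. The helper name pdmp_path, its signature and the choice to skip empty $PATH entries are assumptions of the example.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not an Emacs function: write "<real executable>.pdmp"
   to OUT.  PATH_ENV would be getenv ("PATH") in a real caller.  0 on success.  */
int
pdmp_path (const char *argv0, const char *path_env, char *out, size_t outlen)
{
  char cand[PATH_MAX], resolved[PATH_MAX];
  struct stat st;
  int n, found = 0;

  if (strchr (argv0, '/'))   /* explicit path: exec used it as given */
    found = snprintf (cand, sizeof cand, "%s", argv0) < (int) sizeof cand;
  else
    /* Bare name: it was found through $PATH, so search $PATH and never
       fall back to "$PWD/<name>".  Empty entries (the shell's implicit
       current directory) are skipped; that is a choice of this example.  */
    for (const char *p = path_env ? path_env : ""; *p && !found; )
      {
        size_t len = strcspn (p, ":");
        n = snprintf (cand, sizeof cand, "%.*s/%s", (int) len, p, argv0);
        found = len > 0 && n < (int) sizeof cand
                && stat (cand, &st) == 0 && S_ISREG (st.st_mode)
                && access (cand, X_OK) == 0;
        p += len + (p[len] == ':');
      }
  /* realpath follows symlinks, so the dump is looked up next to the
     link's destination.  */
  if (!found || !realpath (cand, resolved))
    return -1;
  n = snprintf (out, outlen, "%s.pdmp", resolved);
  return n > 0 && (size_t) n < outlen ? 0 : -1;
}

int
main (int argc, char **argv)
{
  char dump[PATH_MAX + 8];
  (void) argc;
  if (pdmp_path (argv[0], getenv ("PATH"), dump, sizeof dump) == 0)
    printf ("dump file candidate: %s\n", dump);
  return 0;
}
```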




This bug report was last modified 3 years and 220 days ago.
