GNU bug report logs - #37656
27.0.50; Arbitrary code execution with special `mode:'


Package: emacs;

Reported by: adam plaice <plaice.adam+lists <at> gmail.com>

Date: Tue, 8 Oct 2019 08:49:02 UTC

Severity: normal

Tags: security

Found in version 27.0.50

Fixed in version 30.1

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.



Message #41 received at 37656 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: adam plaice <plaice.adam+lists <at> gmail.com>
Cc: 37656 <at> debbugs.gnu.org
Subject: Re: bug#37656: 27.0.50; Opening file with specially crafted local
 variables can cause arbitrary code execution
Date: Wed, 16 Oct 2019 09:13:43 -0400

> -*- mode: emacs-lisp; mode: flymake -*-
>
> (eval-when-compile
>   (with-temp-file "~/emacs_flymake_security_bug"
>       (insert "Could have also executed any code.")))

Yes, it's a serious (and, sadly, known) problem.

I think it goes further than just flymake support for Elisp: flymake
support for other major modes may also end up running arbitrary code
(tho it will depend on the specifics).

So, I think flymake should have a list of "safe" places where it can
treat files like it does now, and any file found elsewhere should be
treated with more care either by simply disabling flymake or disabling
some of its backends, or making its backends more careful (e.g. to
compile those files in a mode where `eval-when-compile` is not executed
or is only executed after passing it through a stringent safety test).


        Stefan
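
One way to apply the "safe places" idea from the message above in a user's init file, as an added example that is not part of the original message and not Emacs's own code. The `my-` names and the sample directory are hypothetical; it assumes `emacs-lisp-mode` registers `elisp-flymake-byte-compile` buffer-locally before its mode hook runs.

```elisp
;;; Added example: names prefixed `my-' are hypothetical.
(require 'seq)

(defvar my-flymake-trusted-dirs
  (list (expand-file-name "src/" "~"))   ; constructed sample value
  "Directories whose Emacs Lisp files Flymake may byte-compile.
Byte compilation evaluates `eval-when-compile' forms and macros,
so only list directories whose contents you would run as code.")

(defun my-flymake-file-trusted-p (file)
  "Return non-nil if FILE lies under one of `my-flymake-trusted-dirs'.
A nil FILE (a buffer not visiting any file) is never trusted."
  (and file
       ;; Resolve symlinks on both sides so a link placed inside a
       ;; trusted directory cannot vouch for a file stored elsewhere.
       (let ((true-name (file-truename file)))
         (seq-some (lambda (dir)
                     (file-in-directory-p true-name (file-truename dir)))
                   my-flymake-trusted-dirs))))

(defun my-flymake-drop-byte-compile-unless-trusted ()
  "Remove the byte-compiling Flymake backend in untrusted buffers.
Other backends stay in place, so enabling `flymake-mode' (including
through a file-local `mode: flymake') no longer compiles the buffer."
  (unless (my-flymake-file-trusted-p buffer-file-name)
    (remove-hook 'flymake-diagnostic-functions
                 #'elisp-flymake-byte-compile
                 t)))                     ; t = buffer-local value only

;; The mode hook runs after the major mode has set up its backends and
;; before file-local variables such as `mode: flymake' are processed.
(add-hook 'emacs-lisp-mode-hook
          #'my-flymake-drop-byte-compile-unless-trusted)
```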





This bug report was last modified 126 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.