GNU bug report logs - #37656
27.0.50; Arbitrary code execution with special `mode:'


Package: emacs;

Reported by: adam plaice <plaice.adam+lists <at> gmail.com>

Date: Tue, 8 Oct 2019 08:49:02 UTC

Severity: normal

Tags: security

Found in version 27.0.50

Fixed in version 30.1

Done: Stefan Kangas <stefankangas <at> gmail.com>

Bug is archived. No further changes may be made.


From: adam plaice <plaice.adam+lists <at> gmail.com>
To: 37656 <at> debbugs.gnu.org
Subject: bug#37656: 27.0.50; Opening file with specially crafted local variables can cause arbitrary code execution Inbox x
Date: Sat, 15 Mar 2025 18:40:25 +0100
Thanks Stefan for tracking/closing and thanks so much to Stefan
Monnier (I think?) for resolving this!


On Wed, Mar 12, 2025 at 4:39 AM Stefan Kangas <stefankangas <at> gmail.com> wrote:
>
> Version: 30.1
>
> adam plaice <plaice.adam+lists <at> gmail.com> writes:
>
> > * To reproduce:
> >
> > 1. Create a file, say `~/foobar', (it could have an arbitrary
> > extension) with the following contents:
> >
> > -*- mode: emacs-lisp; mode: flymake -*-
> >
> > (eval-when-compile
> >   (with-temp-file "~/emacs_flymake_security_bug"
> >       (insert "Could have also executed any code.")))
> >
> > 2. Open the file with emacs:
> >
> > emacs -Q ~/foobar
> >
> > 3. Inspect ~/emacs_flymake_security_bug:
> >
> > cat ~/emacs_flymake_security_bug
> >
> > * Expected result
> >
> > ~/emacs_flymake_security_bug does not exist.
> >
> > * Actual result
> >
> > ~/emacs_flymake_security_bug does exist.
>
> This is fixed in the recently released Emacs 30.1, so I'm closing this
> bug now.
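
A triage check for the cookie shown in the report, as an added example that is not part of the original thread or of Emacs: this Python sketch lists the `mode:` entries a file requests for itself, from the first-line `-*-` cookie or a trailing `Local Variables:` block, and flags `flymake`. The function names, the `FLAGGED_MODES` set and the sample strings are assumptions made for this illustration, and the trailing-block parsing is a simplification of what Emacs does.

```python
import re

# Assumption for this example: mode names worth flagging when a file asks for
# them itself. The cookie in the report requests `flymake`.
FLAGGED_MODES = {"flymake"}

def prop_line_modes(text):
    """Return the mode names requested by the -*- ... -*- cookie, in order."""
    lines = text.split("\n", 2)
    # Emacs also accepts the cookie on line 2 when line 1 is a #! line.
    head = "\n".join(lines[:2]) if text.startswith("#!") else lines[0]
    m = re.search(r"-\*-(.*?)-\*-", head)
    if not m:
        return []
    body = m.group(1).strip()
    if ":" not in body:  # short form: -*- emacs-lisp -*-
        return [body.lower()] if body else []
    modes = []
    for entry in body.split(";"):
        key, _, value = entry.partition(":")
        if key.strip().lower() == "mode" and value.strip():
            modes.append(value.strip().lower())
    return modes

def local_block_modes(text):
    """Return mode names from a trailing `Local Variables:` ... `End:` block."""
    tail = text[-3000:].lower()  # Emacs only looks near the end of the file
    start = tail.rfind("local variables:")
    if start < 0:
        return []
    block = tail[start:].split("end:", 1)[0]
    # Simplified: take every `mode:` key, ignoring keys such as `foo-mode:`.
    return re.findall(r"(?<![\w-])mode:\s*([\w-]+)", block)

def flagged_modes(text):
    """Modes the file requests for itself that appear in FLAGGED_MODES."""
    requested = prop_line_modes(text) + local_block_modes(text)
    return [m for m in requested if m in FLAGGED_MODES]

# Constructed sample inputs; the first cookie is the one from the report.
SAMPLES = {
    "report-cookie": '-*- mode: emacs-lisp; mode: flymake -*-\n(message "hi")\n',
    "plain": ";;; foo.el  -*- lexical-binding: t; mode: emacs-lisp -*-\n",
    "shebang": "#!/bin/sh\n# -*- Mode: Flymake -*-\necho hi\n",
    "trailer": "x = 1\n# Local Variables:\n# mode: flymake\n# End:\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, flagged_modes(text) or "ok")
```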




This bug report was last modified 126 days ago.
