GNU bug report logs - #41619
[PATCH] Mark python-shell-virtualenv-root as safe local variable

Previous Next

Package: emacs;

Reported by: "Philip K." <philip.kaludercic <at> fau.de>

Date: Sat, 30 May 2020 20:32:02 UTC

Severity: normal

Tags: patch

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Glenn Morris <rgm <at> gnu.org>, "Philip K." <philip <at> warpmail.net>
Cc: 41619 <at> debbugs.gnu.org, philip.kaludercic <at> fau.de
Subject: bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable
Date: Mon, 15 Jun 2020 21:53:50 +0300

> From: Glenn Morris <rgm <at> gnu.org>
> Date: Sat, 13 Jun 2020 13:20:29 -0400
> Cc: eliz <at> gnu.org, philip.kaludercic <at> fau.de
> 
> 
> I don't understand how python-shell-virtualenv-root can be considered a
> safe local variable. Surely it controls what "python" executable gets run.
> 
> As a test, I did:
> 
> python3 -m venv /tmp/foo
> 
> I then replaced /tmp/foo/bin/python with a shell-script:
> 
>  #!/bin/bash
>  echo oh-oh
> 
> I then ran:
> emacs -Q --eval '(setq python-shell-virtualenv-root "/tmp/foo")' -f python-mode
> C-c C-p
> 
> This gives an inferior Python buffer with contents:
> 
>   oh-oh
> 
>   Process Python finished
> 
> In other words, this looks like a recipe for arbitrary code execution.

Philip, could you please look into this?  TIA.

This bug report was last modified 5 years and 68 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #41619 [PATCH] Mark python-shell-virtualenv-root as safe local variable

GNU bug report logs - #41619
[PATCH] Mark python-shell-virtualenv-root as safe local variable