GNU bug report logs - #63063
CVE-2021-36699 report

Package: emacs

Reported by: Eli Zaretskii <eliz <at> gnu.org>

Date: Tue, 25 Apr 2023 07:14:02 UTC

Severity: normal


Message #41 received at 63063 <at> debbugs.gnu.org (full text, mbox):

From: Po Lu <luangruo <at> yahoo.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 63063 <at> debbugs.gnu.org, fuo <at> fuo.fi
Subject: Re: bug#63063: CVE-2021-36699 report
Date: Tue, 25 Apr 2023 20:59:16 +0800

Eli Zaretskii <eliz <at> gnu.org> writes:

> How do you "easily" figure out the offset from some arbitrary data
> address to the current stack pointer, and do that in advance,
> i.e. before the target program even runs?

The reason I put ``easy'' in quotes was because it's ``easy'' in the
eyes of the people running the CVE registry.  To them, any kind of bug
(or perhaps even intended crash) is a security problem.

> The pdumper file is data, not code.  It is loaded into the data
> segment.  And executable code segments are usually write-protected.

Only some kinds of CPU make the distinction between executable and
readable pages.

> I don't think this is relevant.  But based on what the code does, I
> don't see why this should be considered a security issue.

It's not, indeed.

The glaringly obvious reason being that only the site administrator, or
the user himself, can replace the dump file with something else.




This bug report was last modified 2 years and 56 days ago.
