GNU bug report logs -
#66245
[PATCH] ; Silence macOS 14 warning
Previous Next
Reported by: Eshel Yaron <me <at> eshelyaron.com>
Date: Wed, 27 Sep 2023 19:02:02 UTC
Severity: normal
Tags: patch
Merged with 66269
Found in version 29.1.50
Fixed in version 29.2
Done: Stefan Kangas <stefankangas <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #14 received at 66245 <at> debbugs.gnu.org (full text, mbox):
On Thu, Sep 28, 2023 at 03:46:36PM +0200, Eshel Yaron wrote:
> > Is it possible for you to try a before and after test of how Emacs
> > handles saving the state over a reboot? That is, have a running Emacs
> > with open files and reboot, tick the "reopen windows when logging back
> > in" option, and see if it behaves differently with this patch applied
> > and not applied?
>
> I tried that now, and I couldn't see any difference. With and without
> my patch, Emacs starts after reboot and shows the usual *scratch*
> buffer, with no sign of the buffers/files that I had open before
> rebooting. (That could have been nice though!)
Thank you for testing that.
I think this should go into emacs-29, but it's unclear to me what the
(security) implications are. This change is required to fix
CVE-2021-30873, which is rated "high", however it's over a year old at
this point, and given that Apple are requiring us to explicitly set
this in our code rather than forcing it on us, does that mean they
don't consider it that big of a deal?
Eli, Stefan, any thoughts? Does this look bad enough to force a new
Emacs 29 release?
The link with the in-depth explanation again:
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
CVE info:
https://nvd.nist.gov/vuln/detail/CVE-2021-30873
--
Alan Third
This bug report was last modified 1 year and 231 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.