bug#37656: 27.0.50; Arbitrary code execution with special `mode:'

[Adam Plaice]

> Here is a more complete patch.  Does it look like the right fix?

This indeed fixes the issue! Thanks for dealing with it so quickly! (Though
I'm obviously not qualified to say whether it's _the_ right fix for this.)

>  I think the relevant node in the documentation is:
> (info "(emacs)Choosing Modes")

That, and part of:
(info "(emacs)Specifying File Variables")


Unfortunately, I've realised that a similar problem can be introduced
with directory variables. (Should I file separate bug for this as it's
closely related but not quite the same?) This requires at least two
files, so it's not quite as serious:

In .dir-locals.el:

((nil . ((mode . flymake))))

In, say, foobar, in the same directory:

-*- mode: emacs-lisp -*-

(eval-when-compile
  (with-temp-file "~/emacs_flymake_security_bug"
    (insert "Could have also executed any code.")))


(Some other, equivalent arrangements (e.g. (mode . emacs-lisp) directly in
.dir-locals.el), or simply an .el extension, also "work".)

According to the manual (info "(emacs)Directory Variables"):

> The special ‘mode’ element specifies the minor mode to be
> enabled.  So ‘(mode . auto-fill)’ specifies that the minor mode
> ‘auto-fill-mode’ needs to be enabled.

so in this case setting the minor mode _is_ the intended/documented behaviour,
which might make resolving the bug harder.

(OTOH (info "(emacs)Directory Variables") also states:

> You can specify the variables ‘mode’, ‘eval’, and ‘unibyte’ in your
> ‘.dir-locals.el’, and they have the same meanings as they would have in
> file local variables.

while (info "(emacs)Specifying File Variables") says:

> The special variable/value pair ‘mode:
> MODENAME;’, if present, specifies a major mode.

so there's some inconsistency on what `mode' in .dir-locals.el is actually
"supposed" to specify — a major mode, a minor mode or either.)

Thanks,
Adam