bug#37656: 27.0.50; Arbitrary code execution with special `mode:'

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#37656: 27.0.50; Arbitrary code execution with special `mode:'

From:	Eli Zaretskii
Subject:	bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Date:	Wed, 16 Oct 2019 10:58:06 +0300

> From: Stefan Kangas <stefan@marxist.se>
> Date: Wed, 16 Oct 2019 01:17:51 +0200
> Cc: 37656@debbugs.gnu.org, Emacs developers <emacs-devel@gnu.org>
> 
> The "multiple mode specification feature" dates back to:
> 9fa7bfe524 1993-09-11 Richard M. Stallman
>     (hack-local-variables-prop-line): Ignore any specification
>     for `mode:', since set-auto-mode has already handled it.
>     (set-auto-mode): Clean up.  Handle more than one `mode:' spec in -*-.
> 
> The code that my proposed patch changes has stayed untouched since
> this 1993 commit.  If we agree that disabling this feature is the
> solution here, a backported security fix should therefore hopefully be
> a one liner all the way back to version 22.1.

This feature was described as "deprecated", but where and why did we
deprecate it?

[Prev in Thread]

Current Thread

[Next in Thread]

bug#37656: 27.0.50; Opening file with specially crafted local variables can cause arbitrary code execution Inbox x, adam plaice, 2019/10/08
- bug#37656: 27.0.50; Arbitrary code execution with special `mode:', adam plaice, 2019/10/15
  - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Stefan Kangas, 2019/10/15
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii <=
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/16
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Phil Sainty, 2019/10/16
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/16
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Adam Plaice, 2019/10/15
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Eli Zaretskii, 2019/10/16
    - bug#37656: 27.0.50; Arbitrary code execution with special `mode:', Phil Sainty, 2019/10/15
- bug#37656: 27.0.50; Opening file with specially crafted local variables can cause arbitrary code execution Inbox x, Stefan Monnier, 2019/10/16

Prev by Date: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Next by Date: bug#37776: 27.0.50; package.el install does not respect dependencies
Previous by thread: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Next by thread: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Index(es):
- Date
- Thread