bug-gnu-emacs

bug#66390: `man' allows to inject arbitrary shell code


From: Max Nikulin
Subject: bug#66390: `man' allows to inject arbitrary shell code
Date: Thu, 11 Jan 2024 21:34:43 +0700
User-agent: Mozilla Thunderbird

On 11/01/2024 19:07, Ihor Radchenko wrote:
> Stefan Kangas writes:
>
>> OK, I've now installed the change on master (820f0793f0b).  I'm tagging
>> the bug "security" to make it easier to find for distro maintainers.
>>
>> Ihor, I'm copying in you as well, in case you want to add a workaround
>> for this security-relevant bug to Org mode as well.
[...]
> Fixed, on bugfix (for the next Org bugfix release).
> https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=bc3caa8f9

Ihor, I am confused by `org-man-store-link' call in

(if (org-man-store-link (equal (Man-translate-references ";id") "\\;id"))

Is it intentional? I hope the following is not an issue:

(let ((system-type 'ms-dos))
  (shell-quote-argument ";id"))
"\";id\""

not "\\;id"




