emacs-devel

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac


From: Ulrich Mueller
Subject: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Date: Wed, 08 Mar 2023 12:44:14 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.3 (gnu/linux)

>>>>> On Wed, 08 Mar 2023, Po Lu wrote:

> IMHO we should stop kow-towing to the information security people who
> make a huge fuss over every single bug, especially bugs like this one
> which only show up when you specifically try to trigger them.

> Proprietary JavaScript routinely does things far more nasty and
> malicious than a hyperlink that can be read before being clicked.

> Or perhaps Emacs 29 can forgo this change entirely.  Why would anyone
> click a URL containing suspicious looking Lisp code, and who would
> actually try to do nasty things with such URLs?

> If you have to go out of your way to trigger a bug in a branch that is
> supposed to be stable, then fixing it can wait.

Wow. :)

At least you seem to agree that the current behaviour is a bug.


