Re: Emacs security issues; XEmacs affected?

Mike Kupfer writes: In terms of the mechanism, only .emacs.desktop is (if you get a user to invoke emacs or M-x desktop-read while cd'ed to a directory containing an .emacs.desktop, I'm pretty sure you can get arbitrary code invoked). Unfortunately, probably not, for the same kinds of reasons that visiting a random evil URL can be dangerous. There are many modes that call external code (both libraries linked to XEmacs and programs) to process content. If you really want visiting files to be as safe as you can make it, you probably want to ask permission unless the user owns the file and the group and world write bits are not set. And have a blacklist for directories known to contain downloaded files (eg, email attachments). If you restrict "safe" to "doesn't implicitly execute Lisp code from the file" in XEmacs's default configuration, as far as I know that's safe. No apology needed, not to me anyway. Similar CVEs have been reported in the past, I'm familiar with the attack vector. My answer then was "best policy: don't install emacsen on sensitive hosts, and never allow eval: in local variables". In fact, IMHO local variable evaluation should be limited to an explicit list of variables (which would have to be user-extensible, but that places responsibility where it belongs). And that's my answer now, too. :-) The argument is (1) patching costs developer effort and (2) gives users a false sense of security. These vulnerabilities are introduced by design; they shouldn't be there at all, at least not in core. But AFAIK they are rarely if ever exploited, so I guess GNU compatibility comes first. _______________________________________________ XEmacs-Beta mailing list XEmacs-Beta(a)xemacs.org http://lists.xemacs.org/mailman/listinfo/xemacs-beta