Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Sep 2017 20:08:00 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: Paul Eggert <eggert@...ucla.edu>
Cc: oss-security@...ts.openwall.com
Subject: Re: GNU Emacs 25.2 enriched text remote code execution

* Paul Eggert:

> == Mitigation ==
>
> To work around the bug in unfixed versions of Emacs, put the following code in 
> your personal or site-wide Emacs init file (~/.emacs, ~/emacs.d/init.el, 
> site-start.el):
>
>    ;; Mitigate Bug#28350 (security) in Emacs 25.2 and earlier.
>    (eval-after-load "enriched"
>      '(defun enriched-decode-display-prop (start end &optional param)
>         (list start end)))

This does not override the function in all cases when enriched is
loaded.  Something like this would be more reliable, but it will of
course slow down the starting of Emacs:

(require 'enriched)
(defun enriched-decode-display-prop (start end &optional param)
  (list start end))

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ