oss-security - Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 14 May 2008 14:46:47 +0000
From: Tavis Ormandy <taviso@....lonestar.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request: Emacs 21 fast-lock-mode
	arbitrary lips code execution

On Wed, May 14, 2008 at 04:03:34PM +0200, Sven Joachim wrote:
> On 2008-05-14 15:27 +0200, Nico Golde wrote:
> 
> > As I am a vim user I might have done something wrong too, 
> > not sure. What I did after installing emacs:

Same here, so out of curiosity i ran strace -efile -o log vim, and
edited a few files. I observed vim looking for a directory called
$TMPDIR in the wd, and using it as you would expect. Obviously a bug,
and perhaps some minor security implications, anyone want to
investigate? :-)

(e.g. enter :let foo=system("/bin/ls"))

Thanks, Tavis.

-- 
-------------------------------------
taviso@....lonestar.org | finger me for my gpg key.
-------------------------------------------------------

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.