Re: CVE-2017-14482 - Red Hat Customer Portal
From: Robert Thorpe
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sun, 24 Sep 2017 19:29:17 +0100

Philipp Stephani <p.stephani2@gmail.com> writes:
> Eli Zaretskii <eliz@gnu.org> wrote on Sun, 24 Sep 2017 at 04:54:
>
>> > From: Yuri Khan <yuri.v.khan@gmail.com>
>> > Date: Sun, 24 Sep 2017 03:50:51 +0700
>> > Cc: "help-gnu-emacs@gnu.org" <help-gnu-emacs@gnu.org>
>> >
>> > On Sun, Sep 24, 2017 at 12:34 AM, Eli Zaretskii <eliz@gnu.org> wrote:
>> >
>> > > Why are you visiting a file about which you know nothing at all?
>> >
>> > Why not? Opening a file in a text editor is not normally considered a
>> > hazardous activity.
>>
>> A file whose source you don't trust or are unfamiliar with should
>> initially be examined with find-file-literally, if your security is
>> indeed important for you. That emulates what most other text editors
>> do when you open a file.
>>
>>
> That's an unrealistic requirement; nobody will ever do this. Emacs must
> make sure to never run untrusted code when visiting a file, unless the user
> explicitly asked for it (via the enable-local-eval variable).

I think it would be very useful if Emacs had a concept of trusted-zones.

So, a person could declare their main local partition to be trusted. Or
they could declare it to be trusted except for the browser cache (for
example).

They could declare a lower degree of trust for some directories or
mount-points.

BR,
Robert Thorpe