help-gnu-emacs

Re: CVE-2017-14482 - Red Hat Customer Portal


From: Philipp Stephani
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Tue, 26 Sep 2017 17:46:10 +0000

Ludwig, Mark <ludwig.mark@siemens.com> wrote on Tue, 26 Sep 2017 at
05:44:

> > From Glenn Morris, Monday, September 25, 2017 4:27 PM
> >
> > Eli Zaretskii wrote:
> >
> > > A file whose source you don't trust or are unfamiliar with should
> > > initially be examined with find-file-literally, if your security is
> > > indeed important for you.  That emulates what most other text editors
> > > do when you open a file.
> >
> > Wow. I find this an extraordinary statement. For example, it means
> > that "emacs [-Q] somefile" could e.g. happily delete your home directory.
> > Please reconsider.
>
> It is an unhappy reality, but this is no different from other sophisticated
> file formats.  Consider the wisdom of "firefox foo.html" where
> you do not know what is in foo.html.  You may /think/ you just want to
> "view" what is in foo.html....
>
Viewing an HTML document will never run arbitrary code, let alone delete
the user's home directory. Unlike Emacs, browsers have pretty good
sandboxes.

