oss-sec mailing list archives
Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution
From: Tavis Ormandy <taviso () sdf lonestar org>
Date: Wed, 14 May 2008 14:46:47 +0000
On Wed, May 14, 2008 at 04:03:34PM +0200, Sven Joachim wrote:
On 2008-05-14 15:27 +0200, Nico Golde wrote:As I am a vim user I might have done something wrong too, not sure. What I did after installing emacs:
Same here, so out of curiosity i ran strace -efile -o log vim, and edited a few files. I observed vim looking for a directory called $TMPDIR in the wd, and using it as you would expect. Obviously a bug, and perhaps some minor security implications, anyone want to investigate? :-) (e.g. enter :let foo=system("/bin/ls")) Thanks, Tavis. -- ------------------------------------- taviso () sdf lonestar org | finger me for my gpg key. -------------------------------------------------------
Current thread:
- CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Robert Buchholz (May 10)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Robert Buchholz (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Robert Buchholz (May 13)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 14)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Sven Joachim (May 14)
- Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 14)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Sven Joachim (May 14)
- Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Tavis Ormandy (May 14)
- vim $TMPDIR directory stat (was: [oss-security] Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution) Nico Golde (May 14)
- Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Gustavo De Nardin (spuk) (May 14)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Robert Buchholz (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 12)