oss-sec mailing list archives
Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution
From: "Gustavo De Nardin (spuk)" <gustavodn () mandriva com>
Date: Wed, 14 May 2008 12:44:42 -0300
* Tavis Ormandy <taviso () sdf lonestar org> [2008-05-14 14:46 +0000]:
On Wed, May 14, 2008 at 04:03:34PM +0200, Sven Joachim wrote:On 2008-05-14 15:27 +0200, Nico Golde wrote:As I am a vim user I might have done something wrong too, not sure. What I did after installing emacs:Same here, so out of curiosity i ran strace -efile -o log vim, and edited a few files. I observed vim looking for a directory called $TMPDIR in the wd, and using it as you would expect. Obviously a bug, and perhaps some minor security implications, anyone want to investigate? :-)
Check if it is not a mere package build bug. Anyway, tried something like that and 'grep TMP /tmp/vim.strace' shows nothing to me.
Current thread:
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution, (continued)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Robert Buchholz (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Robert Buchholz (May 13)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 14)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Sven Joachim (May 14)
- Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 14)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Sven Joachim (May 14)
- Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Tavis Ormandy (May 14)
- vim $TMPDIR directory stat (was: [oss-security] Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution) Nico Golde (May 14)
- Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Gustavo De Nardin (spuk) (May 14)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Robert Buchholz (May 12)
- Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution Nico Golde (May 12)