
List:       oss-security
Subject:    Re: [oss-security] Re: CVE request: Emacs 21 fast-lock-mode
From:       Tavis Ormandy <taviso () sdf ! lonestar ! org>
Date:       2008-05-14 14:46:47
Message-ID: 20080514144646.GB7902 () sdf ! lonestar ! org

On Wed, May 14, 2008 at 04:03:34PM +0200, Sven Joachim wrote:
> On 2008-05-14 15:27 +0200, Nico Golde wrote:
> 
> > As I am a vim user I might have done something wrong too, 
> > not sure. What I did after installing emacs:

Same here, so out of curiosity I ran strace -efile -o log vim, and
edited a few files. I observed vim looking for a directory called
$TMPDIR in the wd, and using it as you would expect. Obviously a bug,
and perhaps some minor security implications, anyone want to
investigate? :-)

(e.g. enter :let foo=system("/bin/ls"))

Thanks, Tavis.

-- 
-------------------------------------
taviso@sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------
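
One way to check a trace for the behaviour reported in the message above, as an added example that is not part of the original post: it scans `strace -efile` output for file syscalls whose path still contains a literal, unexpanded `$VARIABLE` component and reports whether that path is relative to the working directory. The function name, the `Finding` type and the sample trace lines are constructed for illustration.

```python
import re
from typing import NamedTuple

# One strace file-syscall line: name("path", args...) = result [errno text]
LINE_RE = re.compile(
    r'^(?:\d+\s+)?(\w+)\((?:AT_FDCWD,\s*)?"((?:[^"\\]|\\.)*)".*\)\s*=\s*(-?\d+)')
# A path component that is still a literal shell variable: $TMPDIR or ${TMPDIR}
LITERAL_VAR_RE = re.compile(r'(?:^|/)\$\{?[A-Za-z_]\w*\}?(?:/|$)')


class Finding(NamedTuple):
    syscall: str
    path: str
    relative: bool    # resolved against the process's working directory
    succeeded: bool   # the literally named path exists and the call worked


def find_literal_var_paths(lines):
    """Return file syscalls whose path contains an unexpanded $VARIABLE."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # signals, exit lines, syscalls without a leading path
        syscall, path, result = m.group(1), m.group(2), int(m.group(3))
        if LITERAL_VAR_RE.search(path):
            findings.append(Finding(syscall, path,
                                    not path.startswith("/"), result >= 0))
    return findings


# Constructed sample trace (hypothetical lines, not captured from a real run).
SAMPLE_TRACE = r'''
execve("/usr/bin/vim", ["vim"], [/* 20 vars */]) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
stat64("/home/user/.vimrc", {st_mode=S_IFREG|0644, st_size=120, ...}) = 0
stat64("$TMPDIR", 0xbfd0a1ac) = -1 ENOENT (No such file or directory)
stat64("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=4096, ...}) = 0
open("$TMPDIR/scratch", O_RDWR|O_CREAT|O_EXCL, 0600) = 4
open("notes.txt", O_RDONLY|O_LARGEFILE) = 5
'''

if __name__ == "__main__":
    for f in find_literal_var_paths(SAMPLE_TRACE.splitlines()):
        where = "relative to cwd" if f.relative else "absolute"
        state = "succeeded" if f.succeeded else "failed"
        print(f"{f.syscall}: {f.path!r} ({where}, {state})")
```

A hit marked relative and succeeded means the process used a directory named after the variable in whatever directory it was started from.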