diff options
author | wiz <wiz> | 2012-08-13 06:39:06 +0000 |
---|---|---|
committer | wiz <wiz> | 2012-08-13 06:39:06 +0000 |
commit | 36d9db682ff5ae47e1152911999de15cf171b398 (patch) | |
tree | f33e6687b4268e12e087ff06727941b7acbab375 | |
parent | 249590432418f6de6dfe97f99dde21b531a2f493 (diff) | |
download | pkgsrc-36d9db682ff5ae47e1152911999de15cf171b398.tar.gz |
Fix CVE-2012-3479:
When the Emacs user option `enable-local-variables' is set to `:safe'
(the default value is t), Emacs should automatically refuse to evaluate
`eval' forms in file-local variable sections. Due to the bug, Emacs
instead automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe', visiting a
malicious file can cause automatic execution of arbitrary Emacs Lisp
code with the permissions of the user.
Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
-rw-r--r-- | editors/emacs24/patches/patch-lisp_files.el | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/editors/emacs24/patches/patch-lisp_files.el b/editors/emacs24/patches/patch-lisp_files.el new file mode 100644 index 00000000000..a08377916e9 --- /dev/null +++ b/editors/emacs24/patches/patch-lisp_files.el @@ -0,0 +1,37 @@ +$NetBSD: patch-lisp_files.el,v 1.1 2012/08/13 06:39:06 wiz Exp $ + +CVE-2012-3479: +When the Emacs user option `enable-local-variables' is set to `:safe' +(the default value is t), Emacs should automatically refuse to evaluate +`eval' forms in file-local variable sections. Due to the bug, Emacs +instead automatically evaluates such `eval' forms. Thus, if the user +changes the value of `enable-local-variables' to `:safe', visiting a +malicious file can cause automatic execution of arbitrary Emacs Lisp +code with the permissions of the user. + +Bug tracker ref: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155 + +--- lisp/files.el.orig 2012-05-14 12:00:02.000000000 +0000 ++++ lisp/files.el +@@ -3107,11 +3107,16 @@ DIR-NAME is the name of the associated d + ;; Obey `enable-local-eval'. + ((eq var 'eval) + (when enable-local-eval +- (push elt all-vars) +- (or (eq enable-local-eval t) +- (hack-one-local-variable-eval-safep (eval (quote val))) +- (safe-local-variable-p var val) +- (push elt unsafe-vars)))) ++ (let ((safe (or (hack-one-local-variable-eval-safep ++ (eval (quote val))) ++ ;; In case previously marked safe (bug#5636). ++ (safe-local-variable-p var val)))) ++ ;; If not safe and e-l-v = :safe, ignore totally. ++ (when (or safe (not (eq enable-local-variables :safe))) ++ (push elt all-vars) ++ (or (eq enable-local-eval t) ++ safe ++ (push elt unsafe-vars)))))) + ;; Ignore duplicates (except `mode') in the present list. + ((and (assq var all-vars) (not (eq var 'mode))) nil) + ;; Accept known-safe variables. |