Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 14 May 2008 14:46:47 +0000
From: Tavis Ormandy <taviso@....lonestar.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request: Emacs 21 fast-lock-mode
	arbitrary lips code execution

On Wed, May 14, 2008 at 04:03:34PM +0200, Sven Joachim wrote:
> On 2008-05-14 15:27 +0200, Nico Golde wrote:
> 
> > As I am a vim user I might have done something wrong too, 
> > not sure. What I did after installing emacs:

Same here, so out of curiosity i ran strace -efile -o log vim, and
edited a few files. I observed vim looking for a directory called
$TMPDIR in the wd, and using it as you would expect. Obviously a bug,
and perhaps some minor security implications, anyone want to
investigate? :-)

(e.g. enter :let foo=system("/bin/ls"))

Thanks, Tavis.

-- 
-------------------------------------
taviso@....lonestar.org | finger me for my gpg key.
-------------------------------------------------------

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux