| author | Eli Zaretskii | 2017-09-16 12:45:24 +0300 |
|---|---|---|
| committer | Eli Zaretskii | 2017-09-16 12:45:24 +0300 |
| commit | a103dbe36022cd2454eaeed96def1c777c049762 | |
| tree | a3455f3e0ef50b9bbc1085c3199b4434851ebf35 /etc | |
| parent | 6d6dc246f93486fc8370399b6e1af8a17f371e4f | |

Disable execution of unsafe Lisp by Enriched Text mode

* src/xdisp.c (handle_display_spec): If the display property is
wrapped in 'disable-eval' form, disable Lisp evaluation while
processing this property.
(handle_single_display_spec): Accept new argument ENABLE_EVAL_P.
If that argument is false, don't evaluate Lisp while processing
display properties.
* lisp/textmodes/enriched.el
(enriched-allow-eval-in-display-props): New defcustom.
(enriched-decode-display-prop): If
enriched-allow-eval-in-display-props is nil, wrap the display
property with 'disable-eval' to disable Lisp evaluation when the
display property is processed for display. (Bug#28350)
* lisp/gnus/mm-view.el (mm-inline-text): Re-enable processing of
enriched text.
* doc/lispref/display.texi (Display Property): Document the
'disable-eval' wrapping of 'display' properties.
* doc/emacs/text.texi (Enriched Properties): Document
'enriched-allow-eval-in-display-props'.
* etc/NEWS: Describe the security issues with Enriched Text mode
and their solution.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/NEWS | 22 |
1 files changed, 22 insertions, 0 deletions
| @@ -117,6 +117,28 @@ The effect is similar to that of "toolBar" resource on the tool bar. | |||
| 117 | 117 | ||
| 118 | * Changes in Emacs 26.1 | 118 | * Changes in Emacs 26.1 |
| 119 | 119 | ||
| 120 | ** Security vulnerability related to Enriched Text mode is removed. | ||
| 121 | |||
| 122 | +++ | ||
| 123 | *** Enriched Text mode does not evaluate Lisp in 'display' properties. | ||
| 124 | This feature allows saving 'display' properties as part of text. | ||
| 125 | Emacs 'display' properties support evaluation of arbitrary Lisp forms | ||
| 126 | as part of processing the property for display, so displaying Enriched | ||
| 127 | Text could be vulnerable to executing arbitrary malicious Lisp code | ||
| 128 | included in the text (e.g., sent as part of an email message). | ||
| 129 | Therefore, execution of arbitrary Lisp forms in 'display' properties | ||
| 130 | decoded by Enriched Text mode is now disabled by default. Customize | ||
| 131 | the new option 'enriched-allow-eval-in-display-props' to a non-nil | ||
| 132 | value to allow Lisp evaluation in decoded 'display' properties. | ||
| 133 | |||
| 134 | This vulnerability was introduced in Emacs 21.1. To work around that | ||
| 135 | in Emacs versions before 25.3, append the following to your ~/.emacs | ||
| 136 | init file: | ||
| 137 | |||
| 138 | (eval-after-load "enriched" | ||
| 139 | '(defun enriched-decode-display-prop (start end &optional param) | ||
| 140 | (list start end))) | ||
| 141 | |||
| 120 | +++ | 142 | +++ |
| 121 | ** Functions in 'write-contents-functions' can fully short-circuit the | 143 | ** Functions in 'write-contents-functions' can fully short-circuit the |
| 122 | 'save-buffer' process. Previously, saving a buffer that was not | 144 | 'save-buffer' process. Previously, saving a buffer that was not |
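
Review bot: The workaround at new lines 138-140 redefines 'enriched-decode-display-prop' to return only (list start end) and ignores PARAM, so it appears to discard every 'display' property decoded from enriched text, not just those that would evaluate Lisp, and the entry does not say so. I would add a sentence stating that applying the workaround stops saved 'display' properties from being restored at all, so users on versions before 25.3 know what they are giving up. A smaller documentation point: "This feature allows saving 'display' properties" at new line 124 has no clear antecedent, because the heading just above it describes what the mode no longer does; naming Enriched Text mode explicitly there would remove the ambiguity.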