Comment 3 for bug 11265

Rob Browning (rlb) wrote: Re: Bug#286183: emacs21: Arbitrary code execution when opening malicious file (local variables)

Jan Minar <email address hidden> writes:

> I just tried it with emacs in Woody and indeed, the yes processes
> started to spawn at a fast pace. I went even a bit further and
> found out that the execution is not sandboxed in any way, as I was
> able to execute a script that writes out a script in my home
> directory, chmod +x it, and runs it in turn.

I can verify this in the stable emacs21. So far I've been unable to
reproduce it in unstable (21.3+1-8).

Security team summary: opening the emacs1.emacs file in the
indicated google link with a stable emacs will result in yes being
launched many times without any advance warning to the user. I
presume arbitrary other code might be substituted. I'm not yet sure
how this was changed in 21.3+1, but that version (the one in
testing/unstable) doesn't appear to execute the code provided in either
the emacs1.emacs or emacs2.emacs sample exploits. I'm going to see if
I can locate the relevant diff.

Thanks
--
Rob Browning
rlb @defaultvalue.org and @debian.org; previously @cs.utexas.edu
GPG starting 2002-11-03 = 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4