GNU bug report logs - #24489
efaq: security risks

Please note: This is a static page, with minimal formatting, updated once a day.

Package: emacs; Severity: minor; Reported by: Glenn Morris <rgm@HIDDEN>; Keywords: security; dated Tue, 20 Sep 2016 22:49:02 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 24489 <at> debbugs.gnu.org:


Received: (at 24489) by debbugs.gnu.org; 12 Aug 2020 01:38:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Aug 11 21:38:22 2020
Received: from localhost ([127.0.0.1]:42235 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1k5fig-0004C0-Hc
	for submit <at> debbugs.gnu.org; Tue, 11 Aug 2020 21:38:22 -0400
Received: from mail-yb1-f174.google.com ([209.85.219.174]:40488)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <stefankangas@HIDDEN>) id 1k5fic-0004Bi-Cu
 for 24489 <at> debbugs.gnu.org; Tue, 11 Aug 2020 21:38:21 -0400
Received: by mail-yb1-f174.google.com with SMTP id q3so492611ybp.7
 for <24489 <at> debbugs.gnu.org>; Tue, 11 Aug 2020 18:38:18 -0700 (PDT)
X-Received: by 2002:a25:b290:: with SMTP id k16mr21391006ybj.389.1597196292831; 
 Tue, 11 Aug 2020 18:38:12 -0700 (PDT)
Received: from 753933720722 named unknown by gmailapi.google.com with
 HTTPREST; Tue, 11 Aug 2020 18:38:12 -0700
From: Stefan Kangas <stefan@HIDDEN>
In-Reply-To: <7ca8f2ur15.fsf@HIDDEN> (Glenn Morris's message of
 "Tue, 20 Sep 2016 18:48:06 -0400")
References: <7ca8f2ur15.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Date: Tue, 11 Aug 2020 18:38:12 -0700
Message-ID: <CADwFkmkA5ddNYRckbOkReiEtN_KqJHg_KO=VTVvMEydJuRn+zw@HIDDEN>
Subject: Re: bug#24489: efaq: security risks
To: Glenn Morris <rgm@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 24489
Cc: 24489 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Glenn Morris <rgm@HIDDEN> writes:

> The (very crufty) Emacs FAQ contains a section:
>
>    "Are there any security risks in Emacs?"
>
> The stuff about movemail and synthetic X events is archaic.

The movemail stuff was removed in 61223a046c (Bug#37818).

What do you think we should do about synthetic X events?

> There is no mention of the more current problems:
>
> 1) installing a package runs arbitrary code
> Better make sure you trust whoever gave you that package (gpg signing)
> and how you got it (https), etc.

This was added in the same commit 61223a046c.

> 2) using an Emacs mail client to view HTML mail is a security risk if remote
> content is fetched (I think it isn't by default, but this might not
> apply to every client)

Is it important to warn about this privacy issue here?  I would expect
that any sensible Emacs MUA would disable remote fetching by default,
and document the issues with enabling it.

> 3) viewing remote HTML content (eg with eww or xwidgets) is likewise a
> potential security risk.

True, but isn't this a bit too general to be useful in the context of
the FAQ?

Best regards,
Stefan Kangas




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.

Message received at 24489 <at> debbugs.gnu.org:


Received: (at 24489) by debbugs.gnu.org; 25 Sep 2016 17:15:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Sep 25 13:15:41 2016
Received: from localhost ([127.0.0.1]:35757 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1boD1h-0006Q9-Kf
	for submit <at> debbugs.gnu.org; Sun, 25 Sep 2016 13:15:41 -0400
Received: from eggs.gnu.org ([208.118.235.92]:36896)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rms@HIDDEN>) id 1boD1g-0006Pw-1N
 for 24489 <at> debbugs.gnu.org; Sun, 25 Sep 2016 13:15:40 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <rms@HIDDEN>) id 1boD1Z-0004AL-Ps
 for 24489 <at> debbugs.gnu.org; Sun, 25 Sep 2016 13:15:34 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56616)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@HIDDEN>)
 id 1boD1J-00046h-MB; Sun, 25 Sep 2016 13:15:17 -0400
Received: from rms by fencepost.gnu.org with local (Exim 4.82)
 (envelope-from <rms@HIDDEN>)
 id 1boD1I-000817-Uo; Sun, 25 Sep 2016 13:15:16 -0400
Content-Type: text/plain; charset=Utf-8
From: Richard Stallman <rms@HIDDEN>
To: Ted Zlatanov <tzz@HIDDEN>
In-reply-to: <87intmypzs.fsf@HIDDEN> (message from Ted Zlatanov on Fri, 
 23 Sep 2016 22:45:59 -0400)
Subject: Re: bug#24489: efaq: security risks
References: <7ca8f2ur15.fsf@HIDDEN>
 <7ca8f2ur15.fsf@HIDDEN>
 <E1bmp24-0002tc-Bz@HIDDEN> <87y42kciee.fsf_-_@HIDDEN>
 <E1bnXFI-0005ex-Io@HIDDEN> <87intmypzs.fsf@HIDDEN>
Message-Id: <E1boD1I-000817-Uo@HIDDEN>
Date: Sun, 25 Sep 2016 13:15:16 -0400
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -8.1 (--------)
X-Debbugs-Envelope-To: 24489
Cc: larsi@HIDDEN, 24489 <at> debbugs.gnu.org
Reply-To: rms@HIDDEN

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > RS> It is no use telling people, "Be afraid of browsing."

  > The original suggestion by Glenn was to say that remote HTML content is
  > a potential security risk.

Is there a significant difference?  I don't see it.
"Browsing" means "looking at remote HTML from web sites".


(Please don't refer to publications or works as "content".
See http://gnu.org/philosophy/words-to-avoid.html.)

    Certainly. The FAQ can link to external resources, for instance. I think
    in the FAQ we should at least list the libraries that Emacs uses to
    render remote content (SVG, XML, PNG, etc.) so the user is aware of
    those dependencies and will keep them up to date.

This will require updating, and I don't see that it will benefit
anyone.  Thus, I think it is better if we don't put this in.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.

Message received at 24489 <at> debbugs.gnu.org:


Received: (at 24489) by debbugs.gnu.org; 24 Sep 2016 02:46:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 23 22:46:14 2016
Received: from localhost ([127.0.0.1]:33785 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bncyj-0003YR-T5
	for submit <at> debbugs.gnu.org; Fri, 23 Sep 2016 22:46:14 -0400
Received: from mail-pa0-f46.google.com ([209.85.220.46]:35173)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <tzz@HIDDEN>) id 1bncyh-0003Y9-Me
 for 24489 <at> debbugs.gnu.org; Fri, 23 Sep 2016 22:46:12 -0400
Received: by mail-pa0-f46.google.com with SMTP id oz2so45369244pac.2
 for <24489 <at> debbugs.gnu.org>; Fri, 23 Sep 2016 19:46:11 -0700 (PDT)
X-Received: by 10.66.197.228 with SMTP id ix4mr17465708pac.47.1474685165854;
 Fri, 23 Sep 2016 19:46:05 -0700 (PDT)
Received: from flea (c-98-229-60-157.hsd1.ma.comcast.net. [98.229.60.157])
 by smtp.gmail.com with ESMTPSA id p73sm13731870pfk.60.2016.09.23.19.46.02
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 23 Sep 2016 19:46:04 -0700 (PDT)
From: Ted Zlatanov <tzz@HIDDEN>
To: Richard Stallman <rms@HIDDEN>
Subject: Re: bug#24489: efaq: security risks
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <7ca8f2ur15.fsf@HIDDEN>
 <7ca8f2ur15.fsf@HIDDEN>
 <E1bmp24-0002tc-Bz@HIDDEN> <87y42kciee.fsf_-_@HIDDEN>
 <E1bnXFI-0005ex-Io@HIDDEN>
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Fri, 23 Sep 2016 22:45:59 -0400
In-Reply-To: <E1bnXFI-0005ex-Io@HIDDEN> (Richard Stallman's message
 of "Fri, 23 Sep 2016 16:38:56 -0400")
Message-ID: <87intmypzs.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 24489
Cc: larsi@HIDDEN, 24489 <at> debbugs.gnu.org

On Fri, 23 Sep 2016 16:38:56 -0400 Richard Stallman <rms@HIDDEN> wrote: 

RS> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
RS> [[[ whether defending the US Constitution against all enemies,     ]]]
RS> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]

>> Images and other resources can carry constructed data and be used as an
>> execution backdoor through browser or library bugs. The following don't
>> necessarily apply to Emacs, they are just examples of the variety and
>> severity of these attacks, which have risen in popularity as direct code
>> injection has become harder:

RS> It is no use telling people, "Be afraid of browsing."

The original suggestion by Glenn was to say that remote HTML content is
a potential security risk. That's a statement of fact and I gave
supporting evidence. Those risks apply to Emacs users, but I don't think
anyone proposed "be afraid" to be the message we should give.

RS> If we can't give any advice more specific than that, it would
RS> be a useless annoyance.

Certainly. The FAQ can link to external resources, for instance. I think
in the FAQ we should at least list the libraries that Emacs uses to
render remote content (SVG, XML, PNG, etc.) so the user is aware of
those dependencies and will keep them up to date.

But the method for that depends on the platform, so... do we explain in
the FAQ? Does Emacs itself warn when libraries are out of date? I don't
know.

Ted




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.

Message received at 24489 <at> debbugs.gnu.org:


Received: (at 24489) by debbugs.gnu.org; 23 Sep 2016 20:39:22 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 23 16:39:22 2016
Received: from localhost ([127.0.0.1]:33727 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bnXFi-0002ft-8t
	for submit <at> debbugs.gnu.org; Fri, 23 Sep 2016 16:39:22 -0400
Received: from eggs.gnu.org ([208.118.235.92]:50099)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rms@HIDDEN>) id 1bnXFg-0002fh-TA
 for 24489 <at> debbugs.gnu.org; Fri, 23 Sep 2016 16:39:21 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <rms@HIDDEN>) id 1bnXFa-0000cG-Mo
 for 24489 <at> debbugs.gnu.org; Fri, 23 Sep 2016 16:39:15 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_20,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:54488)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@HIDDEN>)
 id 1bnXFK-0000KP-HE; Fri, 23 Sep 2016 16:38:58 -0400
Received: from rms by fencepost.gnu.org with local (Exim 4.82)
 (envelope-from <rms@HIDDEN>)
 id 1bnXFI-0005ex-Io; Fri, 23 Sep 2016 16:38:56 -0400
Content-Type: text/plain; charset=Utf-8
From: Richard Stallman <rms@HIDDEN>
To: Ted Zlatanov <tzz@HIDDEN>
In-reply-to: <87y42kciee.fsf_-_@HIDDEN> (message from Ted Zlatanov on
 Thu, 22 Sep 2016 06:56:25 -0400)
Subject: Re: bug#24489: efaq: security risks
References: <7ca8f2ur15.fsf@HIDDEN>
 <7ca8f2ur15.fsf@HIDDEN>
 <E1bmp24-0002tc-Bz@HIDDEN> <87y42kciee.fsf_-_@HIDDEN>
Message-Id: <E1bnXFI-0005ex-Io@HIDDEN>
Date: Fri, 23 Sep 2016 16:38:56 -0400
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -8.1 (--------)
X-Debbugs-Envelope-To: 24489
Cc: rgm@HIDDEN, larsi@HIDDEN, 24489 <at> debbugs.gnu.org
Reply-To: rms@HIDDEN

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Images and other resources can carry constructed data and be used as an
  > execution backdoor through browser or library bugs. The following don't
  > necessarily apply to Emacs, they are just examples of the variety and
  > severity of these attacks, which have risen in popularity as direct code
  > injection has become harder:

It is no use telling people, "Be afraid of browsing."
If we can't give any advice more specific than that, it would
be a useless annoyance.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.

Message received at 24489 <at> debbugs.gnu.org:


Received: (at 24489) by debbugs.gnu.org; 22 Sep 2016 10:56:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Sep 22 06:56:48 2016
Received: from localhost ([127.0.0.1]:60262 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bn1gK-0002Zh-EB
	for submit <at> debbugs.gnu.org; Thu, 22 Sep 2016 06:56:48 -0400
Received: from mail-pa0-f41.google.com ([209.85.220.41]:34869)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <tzz@HIDDEN>) id 1bn1gE-0002ZJ-Ts
 for 24489 <at> debbugs.gnu.org; Thu, 22 Sep 2016 06:56:42 -0400
Received: by mail-pa0-f41.google.com with SMTP id oz2so28297996pac.2
 for <24489 <at> debbugs.gnu.org>; Thu, 22 Sep 2016 03:56:38 -0700 (PDT)
X-Received: by 10.66.144.5 with SMTP id si5mr2224624pab.158.1474541792970;
 Thu, 22 Sep 2016 03:56:32 -0700 (PDT)
Received: from flea (c-98-229-60-157.hsd1.ma.comcast.net. [98.229.60.157])
 by smtp.gmail.com with ESMTPSA id z187sm3212808pfz.39.2016.09.22.03.56.29
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 22 Sep 2016 03:56:32 -0700 (PDT)
From: Ted Zlatanov <tzz@HIDDEN>
To: Richard Stallman <rms@HIDDEN>
Subject: Re: bug#24489: efaq: security risks
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
References: <7ca8f2ur15.fsf@HIDDEN>
 <7ca8f2ur15.fsf@HIDDEN>
 <E1bmp24-0002tc-Bz@HIDDEN>
Mail-Copies-To: never
Gmane-Reply-To-List: yes
Date: Thu, 22 Sep 2016 06:56:25 -0400
In-Reply-To: <E1bmp24-0002tc-Bz@HIDDEN> (Richard Stallman's message
 of "Wed, 21 Sep 2016 17:26:20 -0400, Wed,
 21 Sep 2016 00:53:13 +0200")
Message-ID: <87y42kciee.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 24489
Cc: Glenn Morris <rgm@HIDDEN>, Lars Ingebrigtsen <larsi@HIDDEN>,
 24489 <at> debbugs.gnu.org

On Wed, 21 Sep 2016 17:26:20 -0400 Richard Stallman <rms@HIDDEN> wrote: 

>> 2) using an Emacs mail client to view HTML mail is a security risk if remote
>> content is fetched (I think it isn't by default, but this might not
>> apply to every client)

RS> Could you explain why you think it is a security risk?

On Wed, 21 Sep 2016 00:53:13 +0200 Lars Ingebrigtsen <larsi@HIDDEN> wrote: 

LI> Glenn Morris <rgm@HIDDEN> writes:

>> 2) using an Emacs mail client to view HTML mail is a security risk if remote
>> content is fetched (I think it isn't by default, but this might not
>> apply to every client)
>> 
>> 3) viewing remote HTML content (eg with eww or xwidgets) is likewise a
>> potential security risk.

LI> Do you mean privacy risk?

Images and other resources can carry constructed data and be used as an
execution backdoor through browser or library bugs. The following don't
necessarily apply to Emacs, they are just examples of the variety and
severity of these attacks, which have risen in popularity as direct code
injection has become harder:

http://arstechnica.com/security/2016/05/easily-exploited-bug-exposes-huge-number-of-sites-to-code-execution-attacks/

http://www.pcworld.com/article/2950578/security/microsoft-rushes-out-emergency-security-update-to-fix-critical-windows-flaw.html

http://fortune.com/2016/07/20/apple-security-bug-password-steal-text/

That being said, privacy risks can also become security risks and I think
the FAQ could be extended to include both.

Ted




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.

Message received at 24489 <at> debbugs.gnu.org:


Received: (at 24489) by debbugs.gnu.org; 21 Sep 2016 21:26:29 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Sep 21 17:26:29 2016
Received: from localhost ([127.0.0.1]:60015 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bmp2D-0007vI-CD
	for submit <at> debbugs.gnu.org; Wed, 21 Sep 2016 17:26:29 -0400
Received: from eggs.gnu.org ([208.118.235.92]:43320)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rms@HIDDEN>) id 1bmp2B-0007v2-62
 for 24489 <at> debbugs.gnu.org; Wed, 21 Sep 2016 17:26:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <rms@HIDDEN>) id 1bmp25-0001BO-8y
 for 24489 <at> debbugs.gnu.org; Wed, 21 Sep 2016 17:26:22 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_05,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:44439)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@HIDDEN>)
 id 1bmp25-0001BA-6S
 for 24489 <at> debbugs.gnu.org; Wed, 21 Sep 2016 17:26:21 -0400
Received: from rms by fencepost.gnu.org with local (Exim 4.82)
 (envelope-from <rms@HIDDEN>)
 id 1bmp24-0002tc-Bz; Wed, 21 Sep 2016 17:26:20 -0400
Content-Type: text/plain; charset=Utf-8
From: Richard Stallman <rms@HIDDEN>
To: Glenn Morris <rgm@HIDDEN>
In-reply-to: <7ca8f2ur15.fsf@HIDDEN> (message from Glenn Morris on
 Tue, 20 Sep 2016 18:48:06 -0400)
Subject: Re: bug#24489: efaq: security risks
References: <7ca8f2ur15.fsf@HIDDEN>
Message-Id: <E1bmp24-0002tc-Bz@HIDDEN>
Date: Wed, 21 Sep 2016 17:26:20 -0400
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -8.1 (--------)
X-Debbugs-Envelope-To: 24489
Cc: 24489 <at> debbugs.gnu.org
Reply-To: rms@HIDDEN

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > 2) using an Emacs mail client to view HTML mail is a security risk if remote
  > content is fetched (I think it isn't by default, but this might not
  > apply to every client)

Could you explain why you think it is a security risk?

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.

Message received at 24489 <at> debbugs.gnu.org:


Received: (at 24489) by debbugs.gnu.org; 20 Sep 2016 22:54:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 20 18:54:56 2016
Received: from localhost ([127.0.0.1]:58560 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bmTwG-0007lc-Ky
	for submit <at> debbugs.gnu.org; Tue, 20 Sep 2016 18:54:56 -0400
Received: from hermes.netfonds.no ([80.91.224.195]:48089)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@HIDDEN>) id 1bmTwF-0007lT-MK
 for 24489 <at> debbugs.gnu.org; Tue, 20 Sep 2016 18:54:56 -0400
Received: from cm-84.215.1.64.getinternet.no ([84.215.1.64] helo=stories)
 by hermes.netfonds.no with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <larsi@HIDDEN>)
 id 1bmTw8-0002zc-JE; Wed, 21 Sep 2016 00:54:52 +0200
From: Lars Ingebrigtsen <larsi@HIDDEN>
To: Glenn Morris <rgm@HIDDEN>
Subject: Re: bug#24489: efaq: security risks
References: <7ca8f2ur15.fsf@HIDDEN>
Date: Wed, 21 Sep 2016 00:53:13 +0200
In-Reply-To: <7ca8f2ur15.fsf@HIDDEN> (Glenn Morris's message of
 "Tue, 20 Sep 2016 18:48:06 -0400")
Message-ID: <m3shsurxnq.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 24489
Cc: 24489 <at> debbugs.gnu.org

Glenn Morris <rgm@HIDDEN> writes:

> 2) using an Emacs mail client to view HTML mail is a security risk if remote
> content is fetched (I think it isn't by default, but this might not
> apply to every client)
>
> 3) viewing remote HTML content (eg with eww or xwidgets) is likewise a
> potential security risk.

Do you mean privacy risk?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 20 Sep 2016 22:48:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 20 18:48:14 2016
Received: from localhost ([127.0.0.1]:58555 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1bmTpl-0007bo-Ui
	for submit <at> debbugs.gnu.org; Tue, 20 Sep 2016 18:48:14 -0400
Received: from eggs.gnu.org ([208.118.235.92]:52583)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rgm@HIDDEN>) id 1bmTpl-0007bc-0y
 for submit <at> debbugs.gnu.org; Tue, 20 Sep 2016 18:48:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <rgm@HIDDEN>) id 1bmTpf-0008AL-2c
 for submit <at> debbugs.gnu.org; Tue, 20 Sep 2016 18:48:07 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD
 autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:51402)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rgm@HIDDEN>)
 id 1bmTpf-0008AE-0D
 for submit <at> debbugs.gnu.org; Tue, 20 Sep 2016 18:48:07 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.82)
 (envelope-from <rgm@HIDDEN>)
 id 1bmTpe-0006f9-Gx; Tue, 20 Sep 2016 18:48:06 -0400
From: Glenn Morris <rgm@HIDDEN>
To: submit <at> debbugs.gnu.org
Subject: efaq: security risks
X-Spook: Standoff Chemical Jyllandsposten fundamentalist Echelon
X-Ran: O<kH5#,>6Tg|(P>I,RNU8[/;cD`#~i(?_9|5{fZL!7|k*4n/\7aCIt(t7)RRmyE37y{d2N
X-Hue: red
X-Debbugs-No-Ack: yes
X-Attribution: GM
Date: Tue, 20 Sep 2016 18:48:06 -0400
Message-ID: <7ca8f2ur15.fsf@HIDDEN>
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
MIME-Version: 1.0
Content-Type: text/plain
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -8.1 (--------)
X-Debbugs-Envelope-To: submit

Package: emacs
Severity: minor
Tags: security
Version: 25.1

The (very crufty) Emacs FAQ contains a section:

   "Are there any security risks in Emacs?"

The stuff about movemail and synthetic X events is archaic.

There is no mention of the more current problems:

1) installing a package runs arbitrary code
Better make sure you trust whoever gave you that package (gpg signing)
and how you got it (https), etc.

2) using an Emacs mail client to view HTML mail is a security risk if remote
content is fetched (I think it isn't by default, but this might not
apply to every client)

3) viewing remote HTML content (eg with eww or xwidgets) is likewise a
potential security risk.




Report forwarded to bug-gnu-emacs@HIDDEN:
bug#24489; Package emacs. Full text available.
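
A settings audit for items 1 and 2 of the original report, as an added example that is not part of the bug thread or of Emacs itself: it checks the package-signature and archive-URL options and the HTML-mail image-blocking options of the running session. All efaq-audit- names are hypothetical; the audited variables are the standard options from package.el, gnus-art.el and mm-decode.el, and the weak values in efaq-audit-demo are constructed.

```elisp
;;; efaq-audit.el --- added example, not part of the bug thread  -*- lexical-binding: t -*-

;; All `efaq-audit-' names are hypothetical.  The audited variables are
;; standard user options from package.el, gnus-art.el and mm-decode.el.

(require 'cl-lib)
(require 'package)
(require 'gnus-art)
(require 'mm-decode)

(defun efaq-audit--http-archives (archives)
  "Return the names in ARCHIVES fetched over plain http.
ARCHIVES has the shape of `package-archives': a list of (NAME . URL)."
  (cl-loop for (name . url) in archives
           when (string-prefix-p "http://" url t)
           collect name))

(defvar efaq-audit-checks
  (list
   ;; Item 1: installing a package runs its code, so require a valid
   ;; signature.  `allow-unsigned' still installs unsigned packages.
   (list 'package-check-signature
         (lambda (v) (memq v '(t all)))
         "packages without a verified signature can be installed")
   ;; Item 1: "how you got it (https)".
   (list 'package-archives
         (lambda (v) (null (efaq-audit--http-archives v)))
         "at least one archive is fetched over unencrypted http")
   ;; Item 2: remote images in HTML mail.  nil means nothing is blocked.
   ;; A regexp or function value passes here; whether it blocks enough
   ;; for a given group is not evaluated.
   (list 'gnus-blocked-images
         #'identity
         "Gnus will fetch remote images referenced by HTML mail")
   (list 'mm-html-blocked-images
         #'identity
         "HTML parts rendered through mm-decode will fetch remote images"))
  "List of (VARIABLE OK-PREDICATE REASON) entries used by `efaq-audit-run'.")

(defun efaq-audit-run ()
  "Return a list of (VARIABLE VALUE REASON) for settings weaker than the policy.
An empty list means every check in `efaq-audit-checks' passed."
  (let (findings)
    (dolist (check efaq-audit-checks)
      (cl-destructuring-bind (var ok-p reason) check
        (when (boundp var)
          (let ((value (symbol-value var)))
            (unless (funcall ok-p value)
              (push (list var value reason) findings))))))
    (nreverse findings)))

(defun efaq-audit-report ()
  "Show the findings for the current session in the echo area."
  (interactive)
  (let ((findings (efaq-audit-run)))
    (message "%s"
             (if findings
                 (mapconcat (lambda (f)
                              (format "%s = %S: %s"
                                      (nth 0 f) (nth 1 f) (nth 2 f)))
                            findings "\n")
               "No weak package or HTML-mail settings found"))))

(defun efaq-audit-demo ()
  "Run the audit against constructed weak settings and return the findings.
The archive URL under example.invalid is a placeholder, not a real archive."
  (let ((package-check-signature 'allow-unsigned)
        (package-archives
         '(("gnu" . "https://elpa.gnu.org/packages/")
           ("example" . "http://elpa.example.invalid/packages/")))
        (gnus-blocked-images nil)
        (mm-html-blocked-images nil))
    (efaq-audit-run)))
```

Load the file and run M-x efaq-audit-report to check the live session; efaq-audit-demo binds the options only for the duration of the call and changes nothing persistently.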
Last modified: Wed, 12 Aug 2020 01:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.