On 28/02/2023 16:05, Yuri Khan wrote:
If you open a malicious source file in an editor, you don’t expect it
to execute any code written within, surely not before you press the
Run key. If opening a file for editing trashes your home directory,
it’s a bug and a vulnerability. If opening a file for editing causes
personal information to be sent outside, it’s a bug and a
vulnerability.
Neither of that happened with the linked "vulnerability", though.
It only worked if you pressed "C-c C-f" on a line that contained
something like
require '; rm -rf ~'
