On 28/02/2023 20:56, Yuri Khan wrote:
On Wed, 1 Mar 2023 at 01:08, Dmitry Gutov<dgu...@yandex.ru> wrote:
On 28/02/2023 16:05, Yuri Khan wrote:
If you open a malicious source file in an editor, you don’t expect it
to execute any code written within, surely not before you press the
Run key. If opening a file for editing trashes your home directory,
it’s a bug and a vulnerability. If opening a file for editing causes
personal information to be sent outside, it’s a bug and a
vulnerability.
Neither of that happened with the linked "vulnerability", though.
It only worked if you pressed "C-c C-f" on a line that contained
something like
require '; rm -rf ~'
(ruby-find-library-file &optional FEATURE-NAME)
Visit a library file denoted by FEATURE-NAME.
FEATURE-NAME is a relative file name, file extension is optional.
[…] When called
interactively, defaults to the feature name in the ‘require’
or ‘gem’ statement around point.
So it’s not an auto-pwn but rather user-assisted, as in,*if* the
attacker can convince you to visit a malicious source file*and* do a
navigation command on a dangerously-looking import,*then* you’re
pwned? That significantly reduces the severity in my book.
Right.
The htmlfontify and etags vulns look a little more severe, though.
