Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Robby Findler
I believe that the "other ways to cause harm" that mention applies here, but these are the docs that explain the thing I'm talking about: https://docs.racket-lang.org/gui/editor-overview.html?q=snip-class#%28part._editorsnipclasses%29 It would require the attacker put the file on the disk in a

Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Daniel Melcer
To make sure I'm understanding correctly, as long as the code verifies that the given snipclass is in (get-the-snip-class-list), it should be relatively safe? So the only way that the user would run malicious code in this case is if they installed a malicious package first, in which case there
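Added example, not part of the thread and not racket/gui project code. The check Daniel describes (only accept snip classes that are already registered) can be applied before the file ever reaches an editor: the `wxme` library's `extract-used-classes` lists the snip class and data class names a WXME stream references, so the names can be compared against an explicit allowlist and the file refused if anything else appears. The allowlist contents are a constructed policy choice for illustration; the example assumes `extract-used-classes` reads only the stream's class table and does not itself load any snip class code.

```racket
#lang racket/base
;; Added example (not from the thread or from racket/gui).
;; Scan an untrusted WXME file for the snip/data classes it uses and refuse it
;; when any class is outside an allowlist, before an editor gets to open it.
;; Assumption: extract-used-classes only parses the stream's class table and
;; triggers no require of snip class code.
(require wxme racket/set racket/list)

;; Standard snip class names from the GUI docs ("wxtext", "wxtab", "wximage",
;; "wxmedia") and the standard data class "wxloc". Treating exactly these as
;; acceptable is a constructed policy for this example, not something the
;; thread prescribes; widen it deliberately for classes you trust.
(define allowed-snip-classes (set "wxtext" "wxtab" "wximage" "wxmedia"))
(define allowed-data-classes (set "wxloc"))

;; Returns (values ok? offending) where offending lists every class name in
;; the stream that is not allowlisted. Any unrecognised name, including a
;; library-style name that the editor would otherwise try to resolve by
;; loading code, is rejected here rather than on open.
(define (check-snip-classes in)
  (unless (is-wxme-stream? in)
    (error 'check-snip-classes "not a WXME stream"))
  (define-values (snip-classes data-classes) (extract-used-classes in))
  (define (disallowed names allowed)
    (remove-duplicates
     (filter (lambda (name) (not (set-member? allowed name))) names)))
  (define offending
    (append (disallowed snip-classes allowed-snip-classes)
            (disallowed data-classes allowed-data-classes)))
  (values (null? offending) offending))

;; Convenience wrapper over a path; prints the offending names on rejection.
(define (safe-to-open? path)
  (call-with-input-file path
    (lambda (in)
      (define-values (ok? offending) (check-snip-classes in))
      (unless ok?
        (eprintf "refusing ~a: unapproved classes ~s\n" path offending))
      ok?)))

;; Usage: racket check-snips.rkt untrusted-file.rkt ; exit status 0 = allowed.
(module+ main
  (require racket/cmdline)
  (define path (command-line #:args (file) file))
  (exit (if (safe-to-open? path) 0 1)))
```

The allowlist approach is the conservative form of Daniel's check: instead of asking whether a class can be found (which, as Robby notes, may itself cause code to be installed), it only passes names that were approved up front, so a file that names any other class is rejected without the editor ever attempting to resolve it.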

Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Robby Findler
The issue I mention in 157 is different than this one. In this situation, the snipclass needs to be installed somehow before its code will be loaded, but that installation can happen by a require (triggered by the opening of that snip). So it may be that you have code installed in a collection

Re: [racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Sorawee Porncharoenwase
I don't know much about this specific case, but see Robby's comment about how "DrRacket can run user (untrusted) code in certain situations" at https://github.com/racket/gui/issues/157. A concrete problem I found is that you can have a snip running `struct->vector` and it will successfully extract

[racket-users] Deserializing snips from untrusted input

2020-08-20 Thread Daniel Melcer
There are some well-known vulnerabilities that are a result of deserializing untrusted inputs. Are editor snips restrictive enough that their deserialization is safe? After all, they are already loaded when a file is opened in DrRacket, and a file on the disk may originate from an untrusted