Trojan horses for man pages, emacs mail readers.
- To: <xtech>
- Subject: Trojan horses for man pages, emacs mail readers.
- From: Michael McClary <michael>
- Date: Sat, 28 Apr 90 08:14:06 PDT
Found in alt.security:
Article 239 of alt.security:
>From: tadguy@xxxxxxxxxxxxxxxxxxxxx (Tad Guy)
Subject: gnu emacs local-variables (was Would you believe an nroff virus...)
In article <6321@xxxxxxxxxxxxxxxxxxx> ras@xxxxxxxxxxxxxxxxxxx (Ralph A. Shaw):
> In the "nroff" formatter, ...there is a little-known request for
> executing an arbitrary program.
In the same vein, there's the local-variables feature of GNU Emacs.
According to Info:
| A file can contain a "local variables list", which specifies the
| values to use for certain Emacs variables when that file is edited.
| Two "variable" names are special in a local variables list: a value for
| the variable `mode' really sets the major mode, and a value for the
| variable `eval' is simply evaluated as an expression and the value is
The `eval' variable is especially nasty, since it can make your emacs
do anything when you visit a file containing such a local-variable.
Consider the possibility of a local-variable eval that does some nasty
thing to your system, and then deletes itself from the file you just
But there's a way to partially protect yourself. There's a variable in
GNU Emacs that controls the local-variables' behavior:
| inhibit-local-variables's value is t
| *Non-nil means query before obeying a file's local-variables list.
| This applies when the local-variables list is scanned automatically
| after you find a file. If you explicitly request such a scan with
| M-x normal-mode, there is no query, regardless of this variable.
It's nil by default. By default if you visit a file (perhaps this
message, which has a local variable attached as a demonstration),
the local variables will be executed, perhaps without your knowledge...
A simple (setq inhibit-local-variables t) in your .emacs makes emacs
ask before doing...
eval: (message "I just boffed your system!")
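
Added example, not part of the original post: a Python scanner that finds a file's local variables list the way Emacs locates it (within the last 3000 characters, on the last page, honouring the comment prefix and suffix of the header line) and reports any `eval` entries before the file is visited. The function names and the sample inputs are constructed for illustration.

```python
import re

TAIL_CHARS = 3000  # Emacs only scans the last 3000 characters of a file
HEADER = re.compile(r"^(.*?)Local Variables:(.*)$", re.IGNORECASE)

def local_variables(text):
    """Return [(name, value), ...] from the local variables list, or []."""
    tail = text[-TAIL_CHARS:]
    tail = tail[tail.rfind("\f") + 1:]  # the list must be on the last page
    lines = tail.splitlines()
    for i, line in enumerate(lines):
        m = HEADER.match(line)
        if not m:
            continue
        # Text around the header (e.g. "/* " and " */") wraps every entry.
        prefix, suffix = m.group(1), m.group(2).rstrip()
        entries = []
        for body in lines[i + 1:]:
            body = body.rstrip()
            if not body.startswith(prefix):
                break
            body = body[len(prefix):]
            if suffix and body.endswith(suffix):
                body = body[:-len(suffix)]
            name, sep, value = body.partition(":")
            if not sep or name.strip().lower() == "end":
                break
            entries.append((name.strip(), value.strip()))
        # Design choice: an unterminated list is still reported (over-flag).
        return entries
    return []

def eval_entries(text):
    """Expressions Emacs would be asked to evaluate on visiting the file."""
    return [v for n, v in local_variables(text) if n.lower() == "eval"]

# Constructed sample inputs.
MAIL = ('Subject: demo\n\nBody text.\n\nLocal Variables:\n'
        'eval: (message "constructed sample")\nEnd:\n')
C_FILE = ("int x;\n/* Local Variables: */\n/* mode: c */\n"
          "/* c-indent-level: 4 */\n/* End: */\n")
TOO_FAR = MAIL + "x" * 4000  # list lies outside the scanned tail

if __name__ == "__main__":
    for label, sample in (("mail", MAIL), ("c", C_FILE), ("far", TOO_FAR)):
        print(label, local_variables(sample), eval_entries(sample))
```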