Arbitrary shell command evaluation in Org Mode (GNU Emacs)
A vulnerability in Emacs Org mode allowed arbitrary shell command execution. A fix in Emacs 29.4 and Org 9.7.5 prevents unsafe code evaluation in link abbreviations, advising users to apply the patch.
Read original article
A vulnerability in Emacs Org mode was reported by Ihor Radchenko, allowing arbitrary shell command evaluation when opening a specific .org file. The issue could execute commands without user prompts. A fix has been provided and integrated into Emacs 29.4 and Org 9.7.5. The fix prevents the evaluation of unsafe Elisp code in link abbreviations, displaying warnings instead. The patch includes changes to the 'org-link-expand-abbrev' function in 'ol.el' to mitigate potential vulnerabilities. Users are advised to apply the fix from the Org mode git repository. The vulnerability was disclosed on the oss-sec mailing list. Nmap.org, Npcap.com, Seclists.org, Sectools.org, and Insecure.org are related websites mentioned in the context of security tools and resources.
Related
Memory sealing for the GNU C Library
The GNU C Library introduces mseal() system call for enhanced security by preventing address space changes. Adhemerval Zanella's patch series adds support, improving memory manipulation protection in upcoming releases.
Simple ways to find exposed sensitive information
Various methods to find exposed sensitive information are discussed, including search engine dorking, Github searches, and PublicWWW for hardcoded API keys. Risks of misconfigured AWS S3 buckets are highlighted, stressing data confidentiality.
Avoiding Emacs Bankruptcy
Avoid "Emacs bankruptcy" by choosing efficient packages, deleting unnecessary configurations, and focusing on Emacs's core benefits. Prioritize power-to-weight ratio to prevent slowdowns and maintenance issues. Regularly reassess for a streamlined setup.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
I found an 8 years old bug in Xorg
An 8-year-old Xorg bug related to epoll misuse was found by a picom developer. The bug caused windows to disappear during server lock, traced to CloseDownClient events. Despite limited impact, the developer seeks alternative window tree updates, emphasizing testing and debugging tools.
5 commentsThe loss of on-by-default functionality such as Org fontification in email message buffers is in no way as important as being wide open to trivial remote code execution.
[1] https://github.com/emacs-mirror/emacs/commit/befa9fcaae29a6c...
#+LINK: shell %(shell-command-to-string) [[shell:touch ~/hacked.txt]]
Following ‘shell’ and ‘elisp’ links Org has two link types that can directly evaluate code (see External Links). Because such code is not visible, these links have a potential risk. Org therefore prompts the user when it encounters such links. The customization variables are:
User Option: org-link-shell-confirm-function Function that prompts the user before executing a shell link.
User Option: org-link-elisp-confirm-function Function that prompts the user before executing an Emacs Lisp link.
Non issue. Rtfm.
Related
Memory sealing for the GNU C Library
The GNU C Library introduces mseal() system call for enhanced security by preventing address space changes. Adhemerval Zanella's patch series adds support, improving memory manipulation protection in upcoming releases.
Simple ways to find exposed sensitive information
Various methods to find exposed sensitive information are discussed, including search engine dorking, Github searches, and PublicWWW for hardcoded API keys. Risks of misconfigured AWS S3 buckets are highlighted, stressing data confidentiality.
Avoiding Emacs Bankruptcy
Avoid "Emacs bankruptcy" by choosing efficient packages, deleting unnecessary configurations, and focusing on Emacs's core benefits. Prioritize power-to-weight ratio to prevent slowdowns and maintenance issues. Regularly reassess for a streamlined setup.
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
I found an 8 years old bug in Xorg
An 8-year-old Xorg bug related to epoll misuse was found by a picom developer. The bug caused windows to disappear during server lock, traced to CloseDownClient events. Despite limited impact, the developer seeks alternative window tree updates, emphasizing testing and debugging tools.