[slime-devel] Re: [PATCH] Bind *read-eval* in slime-version-string

Madhu enometh at meer.net
Thu Apr 17 22:45:42 UTC 2008


* Helmut Eller <87d4oov6sk.fsf at lifebook.lan> 
  Wrote on Thu, 17 Apr 2008 17:29:31 +0200:

| * Madhu [2008-04-14 07:39+0200] writes:
|
|> SWANK-LOADER::SLIME-VERSION-STRING calls READ on the first form of the
|> ChangeLog file without binding *READ-EVAL* to NIL, which is a potential
|> security hole.  This minor patch fixes that, to avoid future dire
|> advisories...
|
| We even load user-init files.  Isn't that a much more severe security
| hole?

User init files are lisp files created by the user and intended to be
loaded at startup to customize the system.  This is normal and not a
security hole.

However ChangeLog files are not lisp files, and not intended to be
loaded by the system.  The security hole is this: it is not a typical
place that one would look for to audit code for safety.

What is your excuse to keep this backdoor mechanism to allow loading of
arbitrary code behind the user's back, assuming you can write the
ChangeLog file?

--
Madhu
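
What binding *READ-EVAL* to NIL changes when READ is used on the first form of a file that is not Lisp source, as an added Common Lisp example (not part of the original message and not SLIME's code). The helper names, the flag variable and the sample string are hypothetical and constructed for illustration.

```lisp
(in-package :cl-user)

;; Harmless flag standing in for "code ran at read time".
(defvar *side-effect-ran* nil)

;; Constructed sample, not taken from any real ChangeLog: a first "form"
;; that uses the #. reader macro (read-time evaluation).
(defparameter *sample-first-form*
  "#.(progn (setf cl-user::*side-effect-ran* t) \"2008-04-17\")")

(defun read-first-form-default (string)
  "Read one form with standard syntax, where *READ-EVAL* is T."
  (with-standard-io-syntax
    (with-input-from-string (s string)
      (read s nil nil))))

(defun read-first-form-safely (string)
  "Hypothetical helper: read one form as data only.
Returns :REJECTED if the text asks for read-time evaluation."
  (with-standard-io-syntax          ; note: this rebinds *READ-EVAL* to T
    (let ((*read-eval* nil))        ; so bind it to NIL inside
      (handler-case
          (with-input-from-string (s string)
            (read s nil nil))
        (reader-error () :rejected)))))

(defun demo ()
  "Run both readers on the sample and report whether the flag was set."
  (setf *side-effect-ran* nil)
  (let* ((default-result (read-first-form-default *sample-first-form*))
         (ran-by-default *side-effect-ran*))
    (setf *side-effect-ran* nil)
    (let* ((safe-result (read-first-form-safely *sample-first-form*))
           (ran-when-safe *side-effect-ran*))
      (format t "default read: ~S, side effect ran: ~S~%"
              default-result ran-by-default)
      (format t "safe read:    ~S, side effect ran: ~S~%"
              safe-result ran-when-safe)
      (values ran-by-default ran-when-safe))))

(demo)
```

With *READ-EVAL* bound to NIL the reader signals READER-ERROR at the `#.` instead of evaluating it, so the caller can treat the file as malformed and fall back to an unknown version.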