From: Eric M. Ludlam Date: Fri, 13 Jan 2012 13:19:25 +0000 (+0800) Subject: Fix EDE security flaw involving loading arbitrary Lisp from Project.ede. X-Git-Tag: emacs-pretest-24.0.93~97^2~17^2~14 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=6e9ddbb313cf7db66550f93a74cbba12e39e93c0;p=emacs.git Fix EDE security flaw involving loading arbitrary Lisp from Project.ede. * lisp/ede.el (ede-project-directories): New option. (ede-directory-safe-p): Check it. (ede-initialize-state-current-buffer, ede, ede-new) (ede-check-project-directory, ede-rescan-toplevel) (ede-load-project-file, ede-parent-project, ede-current-project): (ede-target-parent): Avoid loading in a project unless it is safe, since it may involve malicious code. This security flaw was pointed out by Hiroshi Oota. * lisp/ede/auto.el (ede-project-autoload): Add safe-p slot. (ede-project-class-files): Projects using Project.ede are unsafe. (ede-auto-load-project): New method. * lisp/ede/simple.el (ede-project-class-files): Mark as unsafe. --- 6e9ddbb313cf7db66550f93a74cbba12e39e93c0 diff --cc lisp/cedet/ChangeLog index 7d6f9f570ec,dc43253fcd7..f9a546ec894 --- a/lisp/cedet/ChangeLog +++ b/lisp/cedet/ChangeLog @@@ -1,155 -1,21 +1,172 @@@ + 2012-01-09 Eric Ludlam + + * ede.el (ede-project-directories): New option. + (ede-directory-safe-p): Check it. + (ede-initialize-state-current-buffer, ede, ede-new) + (ede-check-project-directory, ede-rescan-toplevel) + (ede-load-project-file, ede-parent-project, ede-current-project): + (ede-target-parent): Avoid loading in a project unless it is safe, + since it may involve malicious code. This security flaw was + pointed out by Hiroshi Oota. + + * ede/auto.el (ede-project-autoload): Add safe-p slot. + (ede-project-class-files): Projects using Project.ede are unsafe. + (ede-auto-load-project): New method. + + * ede/simple.el (ede-project-class-files): Mark as unsafe. 
+
-2011-04-13 Juanma Barranquero
+2011-12-19 Sam Steingold
+
+ * semantic/edit.el (semantic-edits-incremental-parser): Add the
+ autoload cookie, necessary for JDEE.
+
+2011-12-06 Juanma Barranquero
+
+ * semantic/bovine/c.el (semantic-tag-abstract-p): Fix typo.
+
+2011-11-26 Chong Yidong
+
+ * semantic/wisent/python-wy.el:
+ * semantic/wisent/js-wy.el:
+ * semantic/wisent/javat-wy.el:
+ * semantic/bovine/c-by.el:
+ * semantic/grammar-wy.el: Regenerate.
+
+2011-11-24 Juanma Barranquero
+
+ * semantic/lex-spp.el (semantic-lex-spp-first-token-arg-list): Fix typo.
+
+2011-11-20 Juanma Barranquero
+
+ * cedet-cscope.el (cedet-cscope-version-check):
+ * cedet-global.el (cedet-global-min-version)
+ (cedet-gnu-global-version-check):
+ * cedet.el (cedet-version):
+ * data-debug.el (data-debug-prev, data-debug-contract-current-line):
+ * ede.el (ede-buffer-belongs-to-project-p, ede-auto-add-to-target)
+ (ede-new, ede-invoke-method, project-edit-file-target, project-rescan)
+ (ede-add-project-to-global-list, ede-map-all-subprojects):
+ * inversion.el (inversion-check-version):
+ * mode-local.el (mode-local-map-file-buffers, define-child-mode)
+ (define-overloadable-function):
+ * pulse.el (pulse-flag, pulse):
+ * semantic.el (semantic-elapsed-time, semantic-parse-region)
+ (navigate-menu):
+ * ede/proj-comp.el (ede-compilation-program):
+ * semantic/debug.el (semantic-debug-parser-go)
+ (semantic-debug-parser-fail, semantic-debug-parser-quit)
+ (semantic-debug-parser-abort):
+ * semantic/idle.el (semantic-idle-core-handler):
+ * semantic/bovine/debug.el (semantic-bovine-debug-error-frame):
+ Fix typos.
+
+2011-11-16 Juanma Barranquero
+
+ * semantic/lex.el (semantic-lex-tokens):
+ * semantic/tag-ls.el (semantic-tag-protected-p):
+ * srecode/mode.el (srecode-prefix-map): Fix typos.
+
+2011-11-15 Juanma Barranquero
+
+ * ede/project-am.el (project-compile-target-command): Fix typo.
+
+2011-11-14 Juanma Barranquero
+
+ * ede/auto.el (ede-project-autoload):
+ * ede/proj-comp.el (ede-makefile-rule):
+ * semantic/analyze.el (semantic-analyze-current-context):
+ * semantic/ctxt.el (semantic-get-local-variables):
+ * semantic/tag-ls.el (semantic-tag-calculate-parent): Fix typos.
+
+2011-11-03 David Engster
+
+ * srecode.el:
+ * srecode/texi.el:
+ * srecode/template.el:
+ * srecode/java.el:
+ * srecode/insert.el:
+ * srecode/document.el:
+ * srecode/dictionary.el:
+ * srecode/compile.el:
+ * semantic/wisent/java-tags.el:
+ * semantic/texi.el:
+ * semantic/sort.el:
+ * semantic/lex-spp.el:
+ * semantic/idle.el:
+ * semantic/html.el:
+ * semantic/db-typecache.el:
+ * semantic/analyze/complete.el:
+ * ede/generic.el:
+ * ede/custom.el:
+ * ede/cpp-root.el:
+ * ede/base.el: Fix filenames in comments and headers.
+
+ * semantic/db-find.el:
+ * srecode/insert.el (srecode-insert-include-lookup):
+ * ede/proj-comp.el (ede-compilation-program): Fix it's -> its in
+ comments and docstrings.
+
+ * semantic/ctxt.el (semantic-end-of-context-default):
+ * semantic/find.el (semantic-find-tags-by-scope-protection):
+ * semantic/java.el (semantic-documentation-for-tag): Fix typos in
+ docstrings.
+
+ * semantic/db.el (semanticdb-table, semanticdb-abstract-cache)
+ (semanticdb-abstract-db-cache):
+ * semantic/decorate/include.el
+ (semantic-decoration-unknown-include-describe): Fix filenames in
+ docstring.
+
+ * semantic/ede-grammar.el (semantic-ede-grammar-compiler-wisent):
+ (semantic-ede-grammar-compiler-bovine): Fix requires that are
+ added to the grammar-make-script.
+
+2011-10-23 Chong Yidong
+
+ * ede.el (ede-maybe-checkout): Function deleted;
+ vc-toggle-read-only does not do version control now.
+
+ * ede/util.el (ede-make-buffer-writable): Don't use
+ vc-toggle-read-only.
+
+ * ede/project-am.el (project-remove-file, project-add-file)
+ (project-new-target): Don't call ede-maybe-checkout.
+ +2011-10-19 Chong Yidong + + * ede.el (ede-minor-mode,global-ede-mode): + * semantic.el (semantic-mode): Doc fix to reflect new + define-minor-mode calling behavior. + +2011-07-30 Chong Yidong + + * semantic/grammar.el (semantic-grammar-insert-defanalyzers): Fix + require. + +2011-07-04 Darren Hoo (tiny change) + + * semantic/db.el (semanticdb-file-table-object): Don't bug out on + unconfigured projects if `global-ede-mode' is on (bug#8092). + +2011-07-01 Paul Eggert + + * semantic.el (semantic-elapsed-time): Rewrite using + time-subtract and float-time. + +2011-05-11 Glenn Morris + + * semantic/wisent/javascript.el (semantic-get-local-variables): + Use define-mode-local-override rather than its obsolete alias. + +2011-05-10 Jim Meyering + + Fix doubled-word typos. + * ede/pmake.el (ede-proj-makefile-garbage-patterns): the the -> the + * semantic/complete.el (semantic-complete-read-tag-local-members): + Likewise. + * ede.el (ede-auto-add-method): then then -> then + +2011-04-23 Juanma Barranquero * ede/pconf.el (ede-proj-tweak-autoconf, ede-proj-flush-autoconf): * ede/proj-comp.el (ede-proj-tweak-autoconf, ede-proj-flush-autoconf): diff --cc lisp/cedet/ede.el index 5f336df5514,c3a223fad80..cc8b6f53242 --- a/lisp/cedet/ede.el +++ b/lisp/cedet/ede.el @@@ -557,16 -609,76 +611,76 @@@ of objects with the `ede-want-file-p' m ;;; Interactive method invocations ;; - (defun ede (file) - "Start up EDE on something. - Argument FILE is the file or directory to load a project from." - (interactive "fProject File: ") - (if (not (file-exists-p file)) - (ede-new file) - (ede-load-project-file (file-name-directory file)))) + (defun ede (dir) + "Start up EDE for directory DIR. + If DIR has an existing project file, load it. + Otherwise, create a new project for DIR." + (interactive + ;; When choosing a directory to turn on, and we see some directory here, + ;; provide that as the default. 
+ (let* ((top (ede-toplevel-project default-directory))
+ (promptdflt (or top default-directory)))
+ (list (read-directory-name "Project directory: "
+ promptdflt promptdflt t))))
+ (unless (file-directory-p dir)
+ (error "%s is not a directory" dir))
+ (when (ede-directory-get-open-project dir)
+ (error "%s already has an open project associated with it" dir))
+
+ ;; Check if the directory has been added to the list of safe
+ ;; directories. It can also add the directory to the safe list if
+ ;; the user chooses.
+ (if (ede-check-project-directory dir)
+ (progn
+ ;; If there is a project in DIR, load it, otherwise do
+ ;; nothing.
+ (ede-load-project-file dir)
+
+ ;; Check if we loaded anything on the previous line.
+ (if (ede-current-project dir)
+
+ ;; We successfully opened an existing project. Some open
+ ;; buffers may also be referring to this project.
+ ;; Resetting all the buffers will get them to also point
+ ;; at this new open project.
+ (ede-reset-all-buffers 1)
+
+ ;; ELSE
+ ;; There was no project, so switch to `ede-new' which is how
+ ;; a user can select a new kind of project to create.
+ (let ((default-directory (expand-file-name dir)))
+ (call-interactively 'ede-new))))
+
+ ;; If the proposed directory isn't safe, then say so.
+ (error "%s is not an allowed project directory in `ede-project-directories'"
+ dir)))
+
+ (defun ede-check-project-directory (dir)
+ "Check if DIR should be in `ede-project-directories'.
+ If it is not, try asking the user if it should be added; if so,
+ add it and save `ede-project-directories' via Customize.
+ Return nil iff DIR should not be in `ede-project-directories'."
+ (setq dir (directory-file-name (expand-file-name dir))) ; strip trailing /
+ (or (eq ede-project-directories t)
+ (and (functionp ede-project-directories)
+ (funcall ede-project-directories dir))
+ ;; If `ede-project-directories' is a list, maybe add it.
+ (when (listp ede-project-directories) + (or (member dir ede-project-directories) + (when (y-or-n-p (format "`%s' is not listed in `ede-project-directories'. + Add it to the list of allowed project directories? " + dir)) + (push dir ede-project-directories) + ;; If possible, save `ede-project-directories'. + (if (or custom-file user-init-file) + (let ((coding-system-for-read nil)) + (customize-save-variable + 'ede-project-directories + ede-project-directories))) + t))))) (defun ede-new (type &optional name) - "Create a new project starting of project type TYPE. + "Create a new project starting from project type TYPE. Optional argument NAME is the name to give this project." (interactive (list (completing-read "Project Type: "
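Review bot: In `ede-check-project-directory`, a predicate that rejects DIR does not end the check. When the `(and (functionp ede-project-directories) (funcall ede-project-directories dir))` arm returns nil, `or` falls through to the `(when (listp ede-project-directories) ...)` arm, and a function stored as a lambda form is itself a list, so the user is still offered the "Add it to the list of allowed project directories?" prompt. Answering yes then runs `push` on the lambda form, and `customize-save-variable` persists a value that is no longer a function. Making the list arm exclusive closes this: `(when (and (listp ede-project-directories) (not (functionp ede-project-directories)))`. The `defcustom` for `ede-project-directories` is outside this hunk, so confirm which value shapes it permits; separately, `expand-file-name` does not resolve symlinks, so comparing `file-truename` results may be worth considering for the `member` test.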