Your message dated Mon, 26 Feb 2024 15:16:21 +0200
with message-id <878r37z7q2....@iki.fi>
and subject line Close another long-fixed bug
has caused the Debian Bug report #1010152,
regarding emacs-gtk: tries to read a config file from another user's home dir
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1010152: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010152
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: emacs-gtk
Version: 1:27.1+1-3.1+b1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
After wondering why Emacs was hanging on startup after a reinstallation
of machines with Debian 11 at my lab, I looked at the strace output
(strace -o str.out -f /usr/bin/emacs-gtk -Q) and could see:
[...]
380295 openat(AT_FDCWD, "/usr/share/X11/POSIX/app-defaults/Emacs", O_RDONLY) =
-1 ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/share/X11/POSIX/app-defaults/Emacs", O_RDONLY) =
-1 ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/share/X11/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/share/X11/POSIX/app-defaults/Emacs", O_RDONLY) =
-1 ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/share/X11/POSIX/app-defaults/Emacs", O_RDONLY) =
-1 ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/share/X11/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/lib/X11/POSIX/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/lib/X11/POSIX/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/lib/X11/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/lib/X11/POSIX/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/lib/X11/POSIX/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/usr/lib/X11/app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/home/vlefevre/.app-defaults/POSIX/Emacs", O_RDONLY) =
-1 ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/home/vlefevre/.app-defaults/Emacs", O_RDONLY) = -1
ENOENT (No such file or directory)
380295 openat(AT_FDCWD, "/home/vlefevrePOSIX/Emacs", O_RDONLY) = -1 ENOENT (No
such file or directory)
380295 openat(AT_FDCWD, "/home/vlefevreEmacs", O_RDONLY) = -1 ENOENT (No such
file or directory)
[...]
So, Emacs tries to open /home/vlefevrePOSIX/Emacs and
/home/vlefevreEmacs, which potentially belong to other users!
Moreover, here, this makes Emacs hang for several dozens of seconds
possibly due to a timeout in the automounter or something like that.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500,
'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.17.0-1-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages emacs-gtk depends on:
ii emacs-bin-common 1:27.1+1-3.1+b1
ii emacs-common 1:27.1+1-3.1
ii libacl1 2.3.1-1
ii libasound2 1.2.6.1-2+b1
ii libc6 2.33-7
ii libcairo2 1.16.0-5
ii libdbus-1-3 1.14.0-1
ii libfontconfig1 2.13.1-4.4
ii libfreetype6 2.11.1+dfsg-1
ii libgdk-pixbuf-2.0-0 2.42.8+dfsg-1
ii libgif7 5.1.9-2.1
ii libglib2.0-0 2.72.1-1
ii libgmp10 2:6.2.1+dfsg-3
ii libgnutls30 3.7.4-2
ii libgpm2 1.20.7-10
ii libgtk-3-0 3.24.33-1
ii libharfbuzz0b 2.7.4-1+b1
ii libice6 2:1.0.10-1
ii libjansson4 2.14-2
ii libjpeg62-turbo 1:2.1.2-1
ii liblcms2-2 2.12~rc1-2
ii libm17n-0 1.8.0-4
ii libotf1 0.9.16-3
ii libpango-1.0-0 1.50.6+ds-2
ii libpng16-16 1.6.37-4
ii librsvg2-2 2.52.5+dfsg-3+b1
ii libselinux1 3.3-1+b2
ii libsm6 2:1.2.3-1
ii libsystemd0 250.4-1
ii libtiff5 4.3.0-6
ii libtinfo6 6.3-2
ii libx11-6 2:1.7.5-1
ii libxext6 2:1.3.4-1
ii libxfixes3 1:6.0.0-1
ii libxml2 2.9.13+dfsg-1+b1
ii libxrender1 1:0.9.10-1
ii zlib1g 1:1.2.11.dfsg-4
emacs-gtk recommends no packages.
Versions of packages emacs-gtk suggests:
ii emacs-common-non-dfsg 1:27.1+1-2
-- no debconf information
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
--- End Message ---
--- Begin Message ---
Version: 1:27.2~
The bug log again states that this issue has been fixed in 2022, but the
bug was kept open perhaps to track that the fix reaches stable. That has
also happened, so close it.
--
Arto Jantunen
--- End Message ---
