I'm obligated by tenants of my faith to point out that the best protection for this exploit is use of Vi(m) or NeoVim. You may throw tomatoes as soon as I duck behind this fence, thank you.
vim used to have similar vulnerabilities (maybe still does?) via modelines:
https://security.stackexchange.com/questions/36001/vim-model...
https://lwn.net/Articles/20249/
Circa 2002-2003, and the LWN comment describing the exact same scope:
"""emacs is the same, if not worse. (See the node File Variables in the info docs.) You get not only to set random buffer-local variables, but also to evaluate arbitrary lisp code. Ouch!"""
At least for file variables, Emacs prompts before loading untrusted values.
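The directives the thread is arguing about are ordinary text, so they can be found before a file is ever opened. The scanner below is an added example (not code from the thread or from either editor): it looks where vim and Emacs look, i.e. the first and last five lines for a vim modeline (vim's default 'modelines' value, honoured only when the 'modeline' option is on) and, for Emacs, the `-*- ... -*-` first line (second line after a shebang) plus a `Local Variables:` block inside the last 3000 characters. The "risky" classification is this example's own heuristic: expression-valued vim options such as `foldexpr` and `statusline`, which modern Vim refuses in modelines unless 'modelineexpr' is set, and Emacs `eval:` entries and `-hook`/`-function`/`-command`/... variable names, approximating what `risky-local-variable-p` would make Emacs prompt about. The sample file is constructed for the example.

```python
"""Find vim modelines and Emacs file-local variables in untrusted text.

Added example, not from the thread or from either editor's source.
"""
import re
from dataclasses import dataclass

VIM_MODELINES = 5        # vim's default 'modelines': first/last 5 lines are checked
EMACS_TAIL_CHARS = 3000  # Emacs only looks for "Local Variables:" in the last 3000 chars

VIM_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(?P<body>.*)$")
VIM_SET_RE = re.compile(r"^set?\s+(?P<opts>.*?):")   # 'set' form: options end at ':'
# Heuristic (assumption): expression-valued options are the ones worth flagging.
VIM_RISKY_OPTS = re.compile(
    r"\b(?:fde|foldexpr|fdt|foldtext|fex|formatexpr|inde|indentexpr|"
    r"inex|includeexpr|stl|statusline)=")

EMACS_FIRST_RE = re.compile(r"-\*-\s*(?P<body>.*?)\s*-\*-")
EMACS_LV_RE = re.compile(r"^(?P<prefix>.*?)Local Variables:(?P<suffix>.*)$")
# Heuristic (assumption): approximates Emacs's risky-local-variable-p suffix list.
EMACS_RISKY_NAME = re.compile(
    r"^(?:eval|.*-(?:hook|function|functions|command|program|path|form|forms|"
    r"predicate|frame-alist|mode-alist|map|file|info))$")


@dataclass(frozen=True)
class Finding:
    editor: str   # "vim" or "emacs"
    line_no: int  # 1-based line in the scanned text
    text: str     # option string or "name: value"
    risky: bool


def scan_vim(lines):
    n = len(lines)
    head = set(range(min(VIM_MODELINES, n)))
    tail = set(range(max(n - VIM_MODELINES, 0), n))
    findings = []
    for i in sorted(head | tail):
        m = VIM_RE.search(lines[i])
        if not m:
            continue
        body = m.group("body")
        sm = VIM_SET_RE.match(body)
        opts = sm.group("opts") if sm else body  # without 'set', options run to end of line
        findings.append(Finding("vim", i + 1, opts.strip(), bool(VIM_RISKY_OPTS.search(opts))))
    return findings


def _pair(item):
    name, value = item.split(":", 1)
    return name.strip(), value.strip()


def scan_emacs(lines):
    findings = []
    head = 1 if lines and lines[0].startswith("#!") else 0  # Emacs skips a shebang line
    if head < len(lines):
        m = EMACS_FIRST_RE.search(lines[head])
        if m:
            body = m.group("body")
            # "-*- python -*-" is shorthand for "mode: python"
            pairs = [_pair(p) for p in body.split(";") if ":" in p] if ":" in body else [("mode", body)]
            for name, value in pairs:
                findings.append(Finding("emacs", head + 1, f"{name}: {value}",
                                        bool(EMACS_RISKY_NAME.match(name))))
    text = "\n".join(lines)
    tail_start = max(len(text) - EMACS_TAIL_CHARS, 0)
    first_tail_line = text.count("\n", 0, tail_start)
    for i in range(first_tail_line, len(lines)):
        m = EMACS_LV_RE.match(lines[i])
        if not m:
            continue
        prefix, suffix = m.group("prefix"), m.group("suffix")
        # every line of the block must carry the same prefix/suffix, until "End:"
        for j in range(i + 1, len(lines)):
            ln = lines[j]
            if not (ln.startswith(prefix) and ln.endswith(suffix)):
                break
            inner = ln[len(prefix):len(ln) - len(suffix)].strip()
            if inner == "End:":
                break
            if ":" in inner:
                name, value = _pair(inner)
                findings.append(Finding("emacs", j + 1, f"{name}: {value}",
                                        bool(EMACS_RISKY_NAME.match(name))))
        break
    return findings


def scan(text):
    lines = text.splitlines()
    return scan_vim(lines) + scan_emacs(lines)


# Constructed sample: a benign vim modeline, a risky eval: file variable, and a
# Local Variables block whose compile-command would make Emacs prompt.
SAMPLE = """\
#!/usr/bin/env python3
# -*- mode: python; eval: (message "hello from a file variable") -*-
print("hello")
# vim: set ts=4 sw=4 et:
# Local Variables:
# python-indent-offset: 4
# compile-command: "make test"
# End:
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.editor:5} line {f.line_no:3} {'RISKY ' if f.risky else '      '}{f.text}")
```

Run it over a repository checkout (`find . -type f -exec ...`) to see which files would hand an editor settings before you have read them; a hit is not an exploit, just the place to look before opening the file with 'modeline' on or with `enable-local-eval` left at its prompting default.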
Someone took the first tomato!
I'm firmly in the vim camp, just wanting to share the history, utterly surprised (but not...) that it's ~25+ years in the making.
Funny story: once, checking a bug report, the OG founder of the company dropped in: "I like to check in on my bug reports every 10 years..."
It's not just an open-source issue, hard decisions are hard decisions.
As a fellow renter of your faith, I'm worried that somebody playing with the “modeline” option might burn down the place.
Best protection from exploits is to disconnect your computer, shut it down, smash it with a sledgehammer, quit your job and become a florist.
Whenever you folks say "just use Bla-bla instead of Emacs", you don't realize it's not even at the level of comparison between iOS and Android.
Emacs provides unique capabilities that other applications simply cannot match in terms of simplicity and power.
Like take for example Dired. Sure, there are a number of vim plugins, but none of them match the full power of Emacs' Dired in treating directories as editable text.
Or take Org-mode's source blocks. You can for example execute a piece of javascript, then pipe the result into another block in python, then the results of that into sql and finally output it as a chart.
Or you can use source blocks for literate programming. I use them for managing my dotfiles - my entire system is almost immutable, not at the same level of Nix, but still very nice.
Or take an Emacs package called consult-omni - you can type a search query once and it dynamically dispatches queries to Google, YouTube, Wikipedia, your browser history and other places, aggregating the results in one place. Crazy thing is that the package builds on top of another package which itself uses the built-in functions of Emacs.
The power comes from the ability to precisely change the behavior of any given function - built-in or third party - and that precision is just impossible in Vim, VSCode or IntelliJ. In Emacs, you can change a specific point of any given function without having to rewrite it.
It's not a matter of "faith" as you put it. People who choose Emacs don't do that because of some dogmas, beliefs or folklore. Emacs has earned its reputation as the most extensible software for sound technical reasons. Naturally, any powerful tool can be wielded for both constructive and destructive purposes. But you can't just suggest replacing a Caterpillar 797F Mining Truck with an electric scooter because of 'security concerns' - what am I supposed to do with my 400-ton payload of customizations?
I'm obligated as part of my faith to point out that nano has none of these issues, as I understand that Vim will still execute arbitrary code in some circumstances
"Tenets" of your faith. "Tenants" means that you are leasing out space in your faith to other people.
Wasn't the protestant reformation more or less about the tenants of that faith not wanting to pay rent anymore?
you're kidding but as an evil-mode user my first thought was "okay, inspect untrusted elisp in vim before opening it in emacs, got it"
Thanks for downvoting! I'm not sure why that isn't a valid approach, but then, I've never understood why people have a competition between a text editor and a Lisp machine that has an implementation of that text editor in it