From xemacs-m  Thu Sep 25 06:15:51 1997
Received: from ore (d4-00.ppp.op.net [206.84.209.224])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id GAA17271;
	Thu, 25 Sep 1997 06:15:49 -0500 (CDT)
Received: (from rebecca@localhost)
	by ore (8.8.5/8.8.5) id HAA02212;
	Thu, 25 Sep 1997 07:26:26 -0400
Date: Thu, 25 Sep 1997 07:26:26 -0400
Message-Id: <199709251126.HAA02212@ore>
From: Rebecca Ore <rebecca.ore@op.net>
To: SL Baur <steve@xemacs.org>
Cc: xemacs-beta@xemacs.org
Subject: Fatal serious (security) flaw in XEmacs 19.16/20.3
In-Reply-To: <m2zpp22ae9.fsf@altair.xemacs.org>
References: <m2zpp22ae9.fsf@altair.xemacs.org>
X-Mailer: VM 6.34 under 19.16 "Manhattan" XEmacs Lucid
X-Whitelist: xemacs
X-Face: 6K=<"shjTzCqIa_([BKZ33{P&H\e'[uI6|i_fPUQ~vbU(zvn4],#_oH[_B%LKW|<P#qv`CR
 OP\gD6Q0cn.C.lN>UKQ-$M`Z@YBy.R'$:d|)K.|:b8-YSOd&c0G%.pX0fU7f\,`PZK=F'VxY&K@K1_
 KJ>:4G^H7d+G6!L$wtYR3b^g7%-{(863}6*xVru3f3PeSKmp5fx.P&q9$0aEb^b>E:FMl3^z$&z?Nb
 2N9@QMLdl$|2Y--Q@{P.R'8Coh&KmGji8$<q7+N,u`)kR$33~zS$Z(n+sHJ7Lg|uH/Ztf'JrMiEkX2
 |?7wm!a}\5OqRpPf8P"BO[P&;gGP;4`nY>+XP
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII

SL Baur writes:
 > Please evaluate this function (in a separate invocation if you are
 > reading mail in XEmacs) and report back if you *do not* see an error
 > message or check to see what your system #defines MAXNAMLEN to.
 > 
 > (directory-files "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
 > 
 > I see:
 > 
 > Opening directory: File name too long, #<EMACS BUG: ILLEGAL DATATYPE (#o  7) Save your buffers immediately and please report this bug>
 > 
 
	My program bailed out after the eval and the line Opening
directory : File name too long.... It did this so fast I didn't see if
there was a further message to save buffers.

	Recovery of files pushbutton on VM worked well.

--
Rebecca Ore

