bug-gnu-emacs

bug#4218: Security assertion needs modification or more detail


From: Chong Yidong
Subject: bug#4218: Security assertion needs modification or more detail
Date: Sat, 09 Jan 2010 16:17:22 -0500

> The docstring for compile-command says: "This variable is safe as a
> file local variable if its value satisfies the predicate `stringp'."
> I'd say this is arguable, as it can be set to an arbitrary command
> e.g. "send-me-all-your-passwords; make -k".

Thanks for the bug report.

I think the main risk occurs when the user has customized
compilation-read-command to nil, because then M-x compile does not issue
a prompt.  So, I've changed the predicate to consider compile-command
unsafe if compilation-read-command is nil.

We could be more aggressive and always consider compilation-command
unsafe, but I'm not sure that's warranted.  After all, there is the risk
that your makefile is malicious, anyway.
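
The predicate change described in the message above, written out as an added Emacs Lisp example. It is not part of the original message and not the code committed to Emacs; the names my/compile-command-safe-p and my/check-compile-command are hypothetical.

```elisp
;; Added illustration; function names prefixed my/ are hypothetical.
(defvar compilation-read-command)   ; defined in compile.el, declared special here

(defun my/compile-command-safe-p (value)
  "Return non-nil if VALUE may be set as a file-local `compile-command'
without asking the user for confirmation."
  (and (stringp value)
       ;; Treat the value as safe only while M-x compile still prompts,
       ;; so the user sees the command before it runs.  If compile.el is
       ;; not loaded yet the variable is unbound and the prompt is assumed
       ;; to be at its default (enabled).
       (or (not (boundp 'compilation-read-command))
           compilation-read-command)))

;; File-local variable processing consults this property on the symbol.
(put 'compile-command 'safe-local-variable #'my/compile-command-safe-p)

;; The "more aggressive" option from the message would instead drop the
;; predicate so every file-local value triggers the confirmation query:
;; (put 'compile-command 'safe-local-variable nil)

(defun my/check-compile-command (read-command value)
  "Return t if VALUE is accepted as safe while `compilation-read-command'
is bound to READ-COMMAND, nil otherwise."
  (let ((compilation-read-command read-command))
    (and (safe-local-variable-p 'compile-command value) t)))

;; Constructed cases: prompt on with a string, prompt off with the same
;; string, and prompt on with a non-string value.
(list (my/check-compile-command t   "make -k")
      (my/check-compile-command nil "make -k")
      (my/check-compile-command t   '(not-a-string)))
```

Only the first case is accepted without a query. In the other two the file-local setting falls back to Emacs's usual confirmation for unsafe local variables, unless the user has already recorded that exact value in safe-local-variable-values.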





