[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#4218: Security assertion needs modification or more detail
From: |
Chong Yidong |
Subject: |
bug#4218: Security assertion needs modification or more detail |
Date: |
Sat, 09 Jan 2010 16:17:22 -0500 |
> The docstring for compile-command says: "This variable is safe as a
> file local variable if its value satisfies the predicate `stringp'."
> I'd say this is arguable, as it can be set to an arbitrary command
> e.g. "send-me-all-your-passwords; make -k".
Thanks for the bug report.
I think the main risk occurs when the user has customized
compilation-read-command to nil, because then M-x compile does not issue
a prompt. So, I've changed the predicate to consider compile-command
unsafe if compilation-read-command is nil.
We could be more aggressive and always consider compilation-command
unsafe, but I'm not sure that's warranted. After all, there is the risk
that your makefile is malicious, anyway.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#4218: Security assertion needs modification or more detail,
Chong Yidong <=