[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Unsafe file variables...
From: |
Stefan Monnier |
Subject: |
Re: Unsafe file variables... |
Date: |
04 Apr 2004 16:11:41 -0400 |
User-agent: |
Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50 |
> Something like that. I would then customize a variable that tells
> whose signatures I trust enough not to get the stupid question again
> and again.
> Obviously, this also makes it possible for me to look at the local
> variable block once, decide that it is good enough for me, and sign
> it.
> It looks good to me, but it would be good to get comments
> from security experts.
I think that using authentication for such problems is the wrong approach.
We should check the safety of the code instead. Think of it as "check
whether a piece of code is signed" (the Microsoft notion of security) vs
"check that the code type checks" (the Java notion of security).
Now in general it's clearly impossible to check any arbitrary piece of
elisp code and give a good answer. But a good solution was proposed
a while back here: add a customization variable that allows the user to
specify a list of safe code which he's willing to eval in the future.
Stefan
- Unsafe file variables..., David Kastrup, 2004/04/03
- Re: Unsafe file variables..., Richard Stallman, 2004/04/04
- Re: Unsafe file variables..., Stefan Monnier, 2004/04/04
- Re: Unsafe file variables...,
Stefan Monnier <=
- Re: Unsafe file variables..., David Kastrup, 2004/04/04
- Re: Unsafe file variables..., Stefan Monnier, 2004/04/04
- Re: Unsafe file variables..., David Kastrup, 2004/04/04
- Re: Unsafe file variables..., Stefan Monnier, 2004/04/04
- Re: Unsafe file variables..., David Kastrup, 2004/04/05
- Re: Unsafe file variables..., Richard Stallman, 2004/04/05
- Re: Unsafe file variables..., Kim F. Storm, 2004/04/05
- Re: Unsafe file variables..., Richard Stallman, 2004/04/06
- Re: Unsafe file variables..., Kevin Rodgers, 2004/04/07
- Re: Unsafe file variables..., Kim F. Storm, 2004/04/05