[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Risky local variable mechanism
From: |
Stefan Monnier |
Subject: |
Re: Risky local variable mechanism |
Date: |
Wed, 01 Feb 2006 12:00:58 -0500 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
>> Maybe "string and integer custom vars" are all safe, I don't know.
> No, sendmail-program is not safe, nor is max-eval-lisp-depth.
Indeed, names of external programs need to be ruled out.
OTOH I think the only danger with max-eval-lisp-depth is DoS, which I'd
rather ignore because it's a tremendously harder problem to solve than
direct security holes.
Stefan