[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Risky local variable mechanism
From: |
Stefan Monnier |
Subject: |
Re: Risky local variable mechanism |
Date: |
Thu, 02 Feb 2006 00:05:38 -0500 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (darwin) |
>>>> Maybe "string and integer custom vars" are all safe, I don't know.
>>> No, sendmail-program is not safe, nor is max-eval-lisp-depth.
>> Indeed, names of external programs need to be ruled out.
> Maybe all variables matching "-program$" and "-path$" should be
> ruled out.
I'd much rather start with a known-safe set (the empty set) and only add to
it elements that are known to be safe. Rather than add large unsafe sets
(like all custom vars of type string) and then try to safen them by removing
known unsafe cases.
Stefan