emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Risky local variable mechanism


From: Stefan Monnier
Subject: Re: Risky local variable mechanism
Date: Thu, 02 Feb 2006 00:05:38 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (darwin)

>>>> Maybe "string and integer custom vars" are all safe, I don't know.
>>> No, sendmail-program is not safe, nor is max-eval-lisp-depth.
>> Indeed, names of external programs need to be ruled out.
> Maybe all variables matching "-program$" and "-path$" should be
> ruled out.

I'd much rather start with a known-safe set (the empty set) and only add to
it elements that are known to be safe.  Rather than add large unsafe sets
(like all custom vars of type string) and then try to safen them by removing
known unsafe cases.


        Stefan




reply via email to

[Prev in Thread] Current Thread [Next in Thread]