emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: risky local variable mechanism

From: Luc Teirlinck
Subject: Re: risky local variable mechanism
Date: Sat, 11 Feb 2006 19:10:15 -0600 (CST) 
Jonathan Yavner wrote:

   What exactly is the problem with the current system?

Richard only said that "it was not reliable enough".  There seems to
be a big sense of urgency and importance about this, however.

   What is the minimum change needed to solve the current problem?

I believe that it seems clear from previous postings that Richard is
not interested in a "minimum change" type solution.

   Are there file-local variables with safe values erroneously
   declared unsafe?

I do not believe that we are currently worrying about that.  We are
worrying about mistakenly considering dangerous things safe.

I _believe_ that Richard is mainly concerned with certain variables,
whose value can be a function that Emacs could later call, slipping
through the risky-local-variable-p mechanism.

The new mechanism, which requires an explicit 'safe-local-variable
property for a variable to be considered safe by default, might also
not only prevent this easy type of abuse, but might also prevent
potential more sophisticated types of attack.

Sincerely,

Luc.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]