Re: make defcustom automatically mark some variables as safe

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: make defcustom automatically mark some variables as safe

From:	Stefan Monnier
Subject:	Re: make defcustom automatically mark some variables as safe
Date:	Thu, 25 Oct 2007 21:18:14 -0400
User-agent:	Gnus/5.11 (Gnus v5.11) Emacs/23.0.50 (gnu/linux)

> What do people think of the idea of changing defcustom to give
> some variable types a safe-local-variable property by default?

> I mean that, eg, defcustom'ing a variable of :type integer would do:
> (put 'variable 'safe-local-variable 'integerp)

> Similarly for :type boolean (booleanp), string and regexp (stringp),
> and others where it makes sense.

I think this is wrong: one of the main changes in Emacs-22 w.r.t file-local
variables is that we made them safe: from no on, a file-local variable
should never be blindly accepted if we're not "sure" that it's safe.

So this would be a step backward since it would usually make good decisions
but not always (e.g. `enable-local-eval' could very well have been defined
with `:type boolean') so that would introduce security holes until someone
notices them.


        Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

make defcustom automatically mark some variables as safe, Glenn Morris, 2007/10/25
- Re: make defcustom automatically mark some variables as safe, Stefan Monnier <=
  - Re: make defcustom automatically mark some variables as safe, Glenn Morris, 2007/10/25
- Re: make defcustom automatically mark some variables as safe, Richard Stallman, 2007/10/25

Prev by Date: Re: [PATCH] desktop.el: do not save some minor modes
Next by Date: Re: SES bugs and suggestions
Previous by thread: make defcustom automatically mark some variables as safe
Next by thread: Re: make defcustom automatically mark some variables as safe
Index(es):
- Date
- Thread