Re: "Local variables" denial-of-service attack
From: Stefan Monnier
Subject: Re: "Local variables" denial-of-service attack
Date: Fri, 09 Jan 2009 12:07:48 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)

> Local Variab*les:
> byte-compile-warnings: #1=("circular" "object" . #1#)
> End:
> Visiting such a file will result in Emacs hanging and consuming all
> CPU time. (Normally, aborting with C-g is possible. However, if the
> file is opened with emacsclient there seems to be no way to recover.)

Hmm... that's not good. It's not the end of the world since it's "only"
a DoS, but we should try and fix it. I see two ways:

1 - don't allow (in file-local vars and .dir-local.el) the # escapes
    that permit creation of those circular objects.
2 - be more careful about circularities in the
    safe-local-variable predicates.

Nb 1 is easier and will solve it "for all cases", so it's probably
a better choice. Of course, it also "denies service" to those rare
individuals who used circular data in file-local variables for
non-DoS purposes. I don't know if there are any on this planet, tho.

Stefan
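
Added example, not part of the message above and not Emacs's own code: a sketch in Emacs Lisp of the two approaches the message lists, reading a file-local value with the # circular-object syntax disabled, and a predicate that terminates on circular lists. The my/ function names are hypothetical; read-circle is the Emacs reader variable that controls the #N= / #N# syntax, and the inputs are constructed from the value quoted in the report.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration. The my/ names are hypothetical, not Emacs functions.

(defun my/read-local-value (text)
  "Option 1: read TEXT with the #N= / #N# reader syntax disabled.
Return (ok . VALUE), or (rejected . ERROR) if the reader signals."
  (let ((read-circle nil))              ; nil: the reader refuses #N= and #N#
    (condition-case err
        (cons 'ok (car (read-from-string text)))
      (error (cons 'rejected err)))))

(defun my/string-list-p (obj)
  "Option 2: non-nil only if OBJ is a finite, proper list of strings.
SLOW advances one cons for every two that FAST advances, so on a
circular cdr chain the two meet and the walk stops instead of spinning."
  (let ((fast obj) (slow obj) (ok t) (steps 0))
    (while (and ok (consp fast))
      (if (not (stringp (car fast)))
          (setq ok nil)
        (setq fast (cdr fast)
              steps (1+ steps))
        (when (zerop (% steps 2))
          (setq slow (cdr slow)))
        (when (and (consp fast) (eq fast slow))
          (setq ok nil))))              ; cycle detected
    (and ok (null fast))))              ; also rejects dotted tails

;; Constructed inputs: the value from the report, built both ways.
(let ((circular (list "circular" "object")))
  (setcdr (cdr circular) circular)      ; same shape as #1=("circular" "object" . #1#)
  (message "circular list accepted: %S" (my/string-list-p circular))
  (message "plain list accepted:    %S" (my/string-list-p '("circular" "object")))
  (message "reader, circle syntax:  %S"
           (car (my/read-local-value "#1=(\"circular\" \"object\" . #1#)")))
  (message "reader, plain syntax:   %S"
           (car (my/read-local-value "(\"circular\" \"object\")"))))
```

The predicate only guards the cdr chain; that is sufficient here because every car must itself be a string, so a cycle through a car is rejected by the type check.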