|
From: | Andreas Röhler |
Subject: | Re: eval and security |
Date: | Mon, 24 Oct 2016 19:40:54 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Icedove/45.4.0 |
On 24.10.2016 14:31, tomas@tuxteam.de wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:Hi, remember a saying like "avoid calls like (eval 'my-symbol) in lisp-code" as related to security issues. Is there some reading to learn more? Maybe I'm mistaking something?Perhaps because a randomly downloaded package can redefine 'my-symbol to be something evil?
Yes, that would be the problem. However, the way Emacs works, any symbol might be replaced by such a package, right?
[Prev in Thread] | Current Thread | [Next in Thread] |