bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used f

From: Daniel Mendler
Subject: bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers
Date: Tue, 17 Dec 2024 12:30:14 +0100
User-agent: Gnus/5.13 (Gnus v5.13) 
Dmitry Gutov <dmitry@gutov.dev> writes:

> And with code completion they press C-M-i - which is something people do
> regularly as well. It wouldn't really matter than auto-completion handler runs
> once per input while you only press C-M-i once per minute, or even once per
> hour. To compromise a system or the user's data (this is what we're talking
> about, right?), it only needs to happen once.
>
> I don't imagine we're going to slap a "there be dragons" warning on every
> auto-completion option, and on 'completion-at-point' either.

I don't disagree with your points. For me the issue here has been solved
satisfactorily given Stefan's recent changes in the emacs-30 branch,
such that the trust facilities can be used in non-file buffers.

As for the usefulness of the trust feature - I think one can use it for
both disabling certain dangerous code like macro expansion to close a
security hole, and also to adjust confirmation settings in user
configurations.

For example in trusted buffers or trusted files confirmation a user
might want to execute Org babel or Org links directly, while this should
not happen in downloaded files or buffers coming from Gnus. While
disabling confirmation decreases security, disabling confirmation only
in trusted buffers is still better than disabling confirmation globally.

The same applies to file-local variables. In trusted files, one may want
to activate file-local variables always or with confirmation, while in
untrusted files, local variables should be disabled entirely or only
:safe variables should be loaded.

Daniel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]