bug-texinfo
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: makeinfo function execute feature

From: Robert J. Chassell
Subject: Re: makeinfo function execute feature
Date: Mon, 19 Jan 2004 14:13:36 -0500 (EST) 
       The gnu emacs info mode supports a lisp function execute feature
       upon displaying an info node.

   Wow, I never knew that.  

   Although we could document it and add a Texinfo command to generate it,
   I'm worried about security.  It should at least be disabled by default,
   I would think.

If I remember rightly, the function was first written in 1986 or 1987.
You are right to be worried about security.  You could set the
requisit variable to t instead of nil and write code that could do
anything.  That is why it has been undocumented and disabled by
default.  I did not know the capability had been updated to use an
"execute:" keyword; indeed, I did not know that the ability still
existed.

   It would be nice if makeinfo were modified to add a command for
   inserting a function execute attribute after the end of a node.

Is this a good idea?  As it is implemented, would active node
enablement be too insecure?  Since Info files can come from any one,
should you create a `sand box' in which to run such Emacs Lisp?

And then there is the other, more basic, question:  does inbuilt Emacs
Lisp evaluation fit into the Texinfo paradigm?  Texinfo is designed
for various output formats.  You can write one `deep representation'
and readily produce various surface expressions, which cannot of their
nature, run Emacs Lisp code, such as printed documents,

Fundamentally, I don't think Texinfo should have an `ifinfo-in-Emacs'
feature of this sort that only works inside Emacs or Emacspeak, and
not in the standalone Info reader, not in a non-Emacs Web browser, and
not in a printed book.  It is hard enough dealing with images that the
blind cannot see.  (Although some should be able to feel images on an
embossing display device.  However, I suspect such devices, presuming
they exist, are limited and expensive.  In any case, you do not want
the `situationally blind', such as other car drivers, feeling images
images while they drive; that takes even more attention than listening
to textual email).

Doubtless it is OK to leave the traces of the past in the code, but it
should not be publicized or made easy to use and abuse.

-- 
    Robert J. Chassell                         Rattlesnake Enterprises
    http://www.rattlesnake.com                  GnuPG Key ID: 004B4AC8
    http://www.teak.cc                             address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]