[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Risky local variable mechanism
From: |
Richard M. Stallman |
Subject: |
Re: Risky local variable mechanism |
Date: |
Thu, 02 Feb 2006 11:21:27 -0500 |
> Maybe "string and integer custom vars" are all safe, I don't know.
No, sendmail-program is not safe, nor is max-eval-lisp-depth.
The worst you can do by setting max-lisp-eval-depth is to make
Emacs crash or get an error.
I am not sure binding sendmail-program is unsafe.
It will generally have no effect if you bind it locally
in a buffer that isn't a mail buffer. But looking at the more
general issue of binding variables that specify programs to run,
I am not sure how much of a security issue that is,
other than for root. It can only run programs that exist.
Even if you could set sendmail-program globally in Emacs,
could you actually find a value that would predictably do harm?