Re: [Emacs-diffs] master f373e81 1/2: New lispref section “Security Cons

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Emacs-diffs] master f373e81 1/2: New lispref section “Security Cons

From:	Eli Zaretskii
Subject:	Re: [Emacs-diffs] master f373e81 1/2: New lispref section “Security Considerations”
Date:	Thu, 22 Oct 2015 17:42:05 +0300

> From: Stefan Monnier <address@hidden>
> Date: Thu, 22 Oct 2015 00:15:13 -0400
> Cc: Paul Eggert <address@hidden>
> 
> >     * doc/lispref/os.texi (Security Considerations):
> >     New node.
> 
> There's also the fact that various features like file-local variables
> mean that opening /some/file/some/where can be dangerous if that file or
> some parent directory is under the control of an attacker.
> 
> We do some effort to protect against such holes, but the risk is very
> real: it only takes a single package setting safe-local-variable too
> optimistically (such as elpa/packages/ada-mode recently, IIRC).

I think at least some of this stuff should be in the User Manual,
perhaps worded slightly differently.  Part of security is in the hands
of the users, Lisp programmers can do very little about that.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Emacs-diffs] master f373e81 1/2: New lispref section “Security Considerations”, Stefan Monnier, 2015/10/22
- Re: [Emacs-diffs] master f373e81 1/2: New lispref section “Security Considerations”, Eli Zaretskii <=

Prev by Date: Re: [PATCH] Add shell-quasiquote.
Next by Date: Question on pcase
Previous by thread: Re: [Emacs-diffs] master f373e81 1/2: New lispref section “Security Considerations”
Next by thread: Re: [Emacs-diffs] master 5e43955 1/2: Don't declare vc-exec-after anymore
Index(es):
- Date
- Thread