Re: [PATCH] Do not scan for coding declarations in open-file
From: Ludovic Courtès
Subject: Re: [PATCH] Do not scan for coding declarations in open-file
Date: Thu, 31 Jan 2013 22:51:58 +0100
User-agent: Gnus/5.130005 (Ma Gnus v0.5) Emacs/24.2 (gnu/linux)
Mark H Weaver <address@hidden> wrote:
> My position is that the current coding-auto-detection behavior of
> 'open-file' is likely to lead to security flaws in software built using
> Guile. The issue is that programs that receive text from an untrusted
> source, write those strings to a file, and then read them back in, are
> potentially vulnerable to hostile coding declarations inserted within
> those strings.

The way Emacs handles this is that it detects the ‘coding:’ cookie and
automatically switches the encoding accordingly.

Just mentioning it, because we seem to be hesitant between two opposite
solutions in the design space: one is Emacs, designed to make things
work by default in practical cases, and the other is POSIX, designed to
leave programmers with all the power of a chainsaw.

Ludo’.
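
The write-then-read-back round trip described in the quoted message, as an added Python example that is not part of the thread and is not Guile's code. The scan window, the pattern and all function names are assumptions made for illustration; the point is the difference between a reader that honours a declaration found in the data and one whose encoding is fixed by the program.

```python
import os
import re
import tempfile

# Assumed model of declaration scanning; the window size and the pattern
# are illustrative, not taken from Guile's source.
SCAN_WINDOW = 500
CODING_RE = re.compile(rb"coding:\s*([A-Za-z0-9._-]+)")

def declared_encoding(raw):
    """Return the encoding named near the start of the data, or None."""
    m = CODING_RE.search(raw[:SCAN_WINDOW])
    return m.group(1).decode("ascii") if m else None

def read_autodetect(path, default="utf-8"):
    """Reader that lets the file content choose its own encoding."""
    with open(path, "rb") as f:
        raw = f.read()
    enc = declared_encoding(raw) or default
    try:
        return raw.decode(enc)
    except LookupError:  # unknown encoding name: fall back to the default
        return raw.decode(default)

def read_fixed(path, encoding="utf-8"):
    """Reader whose encoding is chosen by the program, never by the data."""
    with open(path, "rb") as f:
        return f.read().decode(encoding)

def round_trip(text):
    """Write text as UTF-8, then read it back with both readers."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(text.encode("utf-8"))
        return read_autodetect(path), read_fixed(path)
    finally:
        os.remove(path)

# Constructed samples: the second embeds a declaration in the stored text.
PLAIN = "name: Zoë\n"
DECLARED = "coding: iso-8859-1\nname: Zoë\n"

if __name__ == "__main__":
    for sample in (PLAIN, DECLARED):
        auto, fixed = round_trip(sample)
        print(repr(auto), repr(fixed), auto == sample, fixed == sample)
```

With the second sample the auto-detecting reader returns text that differs from what was written, while the fixed-encoding reader returns it unchanged.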