help-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: My emacs was upgraded and I am a novice again


From: Tim X
Subject: Re: My emacs was upgraded and I am a novice again
Date: Sun, 07 Oct 2007 15:45:53 +1000
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1.50 (gnu/linux)

Bruce Korb <address@hidden> writes:

> This addition:  (setq disabled-command-function nil)
> seemed reasonable.  It isn't quite a complete cover tho:
>
>> The local variables list in configure.in
>> contains values that may not be safe (*).
>> 
>> Do you want to apply it?  You can type
>> y  -- to apply the local variables list.
>> n  -- to ignore the local variables list.
>> !  -- to apply the local variables list, and permanently mark these
>>       values (*) as safe (in the future, they will be set automatically.)
>>
>>     mode : autoconf-mode
>>     indent-tabs-mode : nil
>>     sh-indentation : 2
>
> OK, so I've made it permanent so ``sh-indentation 2''
> will no longer be treated with suspicion.  The *NEXT*
> suspicious thing will interrupt me again, however.
> I think that this:
>
>  '(safe-local-variable-values (quote ((sh-indentation . 2))))
>
> should be *ENTIRELY* disabled, not just the one "sh-indentation"
> entry.  I don't exactly know who thinks I need protection from
> nefarious things like two-space indentation, but the reason I
> had that assignment is because I wanted that assignment in there.
>
>> There was never such a user setting in Emacs.  You always had to  
>> enable each command individually (unless you are an advanced user and  
>> know how to set a function to nil without causing damage). 
>
> The problem, of course, are the newly added protections with
> less-than-obvious ways of telling emacs, "Please stop protecting
> me."  In the case above, it is not a disabled command issue.
> It is some collection of variable values that someone thought
> would be "dangerous".  So, I guess, in the end, I'm asking for
> an enhancement:
>
>  (custom-set-variables
>     '(protective-mode nil))
>
> and from that day forth, never worry about emacs protecting me
> from myself ever again.  :-}  Thank you!  Cheers - Bruce
>
>

I think it is resonable to request such a feature and recommend you send
such a request to the emacs-devel list. 

However, it should be explicitly noted that -

1. This is not a new feature. This protection was included in emacs 21 and
I think emacs 20. 

2. The reason isn't so much to protect you from yourself, but protect you
from the malicious aims of others. Theoretically, someone could put a very
malicious (even virus/trojan like) bit of code in the local variables
section of a file. Opening that file in your emacs would cause this to be
executed and could have some nasty or unexpected consequences. 

However, I think as long as the user has to actively disable
checking/verification, it is reasonable to allow such an option. I don't
like software that tries to be too much of a Nanny - if I want to do
something stupid, I should be allowed to!

Tim

-- 
tcross (at) rapttech dot com dot au


reply via email to

[Prev in Thread] Current Thread [Next in Thread]