Re: eval and security

help-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: eval and security

From:	Philipp Stephani
Subject:	Re: eval and security
Date:	Mon, 24 Oct 2016 18:50:19 +0000

<tomas@tuxteam.de> schrieb am Mo., 24. Okt. 2016 um 14:32 Uhr:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
> > Hi,
> >
> > remember a saying like "avoid calls like (eval 'my-symbol) in
> > lisp-code" as related to security issues.
> >
> > Is there some reading to learn more? Maybe I'm mistaking something?
>
> Perhaps because a randomly downloaded package can redefine 'my-symbol
> to be something evil?
>

Randomly downloaded packages can just say
(eval-when-compile (shell-command "rm -rf /"))
No need to override symbols to do something evil.

[Prev in Thread]

Current Thread

[Next in Thread]

eval and security, Andreas Röhler, 2016/10/24
- Re: eval and security, tomas, 2016/10/24
  - Re: eval and security, Andreas Röhler, 2016/10/24
  - Re: eval and security, Philipp Stephani <=
    - Re: eval and security, Andreas Röhler, 2016/10/25

Prev by Date: Re: eval and security
Next by Date: `ibuffer-saved-filter-groups` case sensitive?
Previous by thread: Re: eval and security
Next by thread: Re: eval and security
Index(es):
- Date
- Thread