Re: eval and security
From: Philipp Stephani
Subject: Re: eval and security
Date: Mon, 24 Oct 2016 18:50:19 +0000

<tomas@tuxteam.de> wrote on Mon, 24 Oct 2016 at 14:32:
> On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
> > Hi,
> >
> > remember a saying like "avoid calls like (eval 'my-symbol) in
> > lisp-code" as related to security issues.
> >
> > Is there some reading to learn more? Maybe I'm mistaking something?
>
> Perhaps because a randomly downloaded package can redefine 'my-symbol
> to be something evil?
>
Randomly downloaded packages can just say
(eval-when-compile (shell-command "rm -rf /"))
No need to override symbols to do something evil.