[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validati

From: Noam Postavsky
Subject: bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter)
Date: Fri, 29 Sep 2017 20:57:20 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.60 (gnu/linux)

Eric Abrahamsen <address@hidden> writes:

> That sounds like the right solution. I've never looked at
> unsafep.el, and don't know exactly how it works,

Basically, there is a whitelist: symbols which have the property `safe',
are ok, stuff like progn is okay if all the things inside are also
`safe'.  So if we can be sure an object constructor does nothing but
create an object then it could be marked safe.

> 3. Object creation could run malicious code *if* someone had overridden
>    `initialize-instance' or `shared-initialize',

Hmm, it might be a difficult to be confident that calling some generic
function is safe.

> I might as well write tests that exercise the whole eieio-persistent
> round-trip: create a few test objects, write them to a tmp file, and
> read them back as objects.

Sounds good.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]