[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Risky local variable mechanism

From: Stefan Monnier
Subject: Re: Risky local variable mechanism
Date: Wed, 01 Feb 2006 12:00:58 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

>> Maybe "string and integer custom vars" are all safe, I don't know.
> No, sendmail-program is not safe, nor is max-eval-lisp-depth.

Indeed, names of external programs need to be ruled out.

OTOH I think the only danger with max-eval-lisp-depth is DoS, which I'd
rather ignore because it's a tremendously harder problem to solve than
direct security holes.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]