[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Risky local variable mechanism

From: Kim F. Storm
Subject: Re: Risky local variable mechanism
Date: Thu, 02 Feb 2006 13:42:30 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

"Richard M. Stallman" <address@hidden> writes:

>     I rarely use file-local variables, so it's hard for me to figure out which
>     set of restrictions will be best.  Using custom types sounds like a good
>     idea, but note that setting "boolean" variables can be dangerous as well
>     (e.g. enable-local-eval).
> That is a good point--but there are just a few variables which are
> dangerous in that way, and they already are marked.  The big set of
> variables which are dangerous but not marked are those whose values
> can be functions to call.  That is what I am hoping to recognize using
> custom types.
> Another idea: just check to see if the value is a function name, or if
> any function name (including lambda) appears in it.  If so, the value
> is risky.  That is quite simple and does not depend on knowing the
> custom type.

Why not make anything risky, except those explicit settings which
are recorded in safe-local-eval-forms (and add something similar
for variables), and then make it easier to update those lists
when user is queried to approve local variables/forms

Of course, we can still mark certain things 'safe which we explicitly
consider to be safe.

Kim F. Storm <address@hidden> http://www.cua.dk

reply via email to

[Prev in Thread] Current Thread [Next in Thread]