[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Risky local variable mechanism

From: Richard M. Stallman
Subject: Re: Risky local variable mechanism
Date: Thu, 02 Feb 2006 11:21:27 -0500

    > Maybe "string and integer custom vars" are all safe, I don't know.

    No, sendmail-program is not safe, nor is max-eval-lisp-depth.

The worst you can do by setting max-lisp-eval-depth is to make
Emacs crash or get an error.

I am not sure binding sendmail-program is unsafe.
It will generally have no effect if you bind it locally
in a buffer that isn't a mail buffer.  But looking at the more
general issue of binding variables that specify programs to run,
I am not sure how much of a security issue that is,
other than for root.  It can only run programs that exist.
Even if you could set sendmail-program globally in Emacs,
could you actually find a value that would predictably do harm?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]