[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: risky local variable mechanism

From: Chong Yidong
Subject: Re: risky local variable mechanism
Date: Sun, 12 Feb 2006 14:52:45 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

"Richard M. Stallman" <address@hidden> writes:

>     It's unlikely that making the file local variable mechanism stricter,
>     while keeping unsafep.el the same, will open up new security holes
>     that didn't already exist.  Anyway, it is pretty easy to change
>     unsafep.el to reflect the changes to files.el.
> Could you take a look at doing that?  It may not be quite trivial.
> In particular, the fact that unsafep checks for functions
> could make some things safe, which otherwise would not be.

The relevant part is the function `unsafep-variable', which can be
adapted easily.  The other things that unsafep.el checks are not
related to file variables.

*** emacs/lisp/emacs-lisp/unsafep.el.~1.10.~    2006-02-06 23:43:22.000000000 
--- emacs/lisp/emacs-lisp/unsafep.el    2006-02-11 12:16:17.000000000 -0500
*** 255,261 ****
     ((not (symbolp sym))
      `(variable ,sym))
!    ((risky-local-variable-p sym nil)
      `(risky-local-variable ,sym))
     ((not (or global-okay
             (memq sym unsafep-vars)
--- 255,262 ----
     ((not (symbolp sym))
      `(variable ,sym))
!    ((and (risky-local-variable-p sym)
!        (not (safe-local-variable-p sym val)))
      `(risky-local-variable ,sym))
     ((not (or global-okay
             (memq sym unsafep-vars)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]