[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in EDE; new release plans

From: Daniel Colascione
Subject: Re: Security flaw in EDE; new release plans
Date: Sun, 08 Jan 2012 23:26:19 -0800
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:8.0) Gecko/20111105 Thunderbird/8.0

On 1/8/12 11:06 PM, Chong Yidong wrote:
> Daniel Colascione <address@hidden> writes:
>> I never got around to committing the patch below to the emacs-23
>> branch. Would it be okay to add it before the 23.4 release?
>> + (put 'lexical-binding 'safe-local-variable t)
> What's the rationale?  If Emacs 23 users try to load Lisp libraries that
> use lexical binding, that will tend to lead to bugs, so why make it
> *easier* for that to happen?

My proposed patch makes it painless to edit Emacs 24 lisp using Emacs
23. A user might want to read or backport Emacs 24 lisp files, and
because it's possible to write lisp that works correctly whether
lexical-binding is on or off, a user might even legitimately want to
load these files.

The warning about the lexical-binding variable appears only when a
user tries to edit a file with lexical-binding. If an Emacs 23 user
tries to load or compile such a file, he won't receive a warning. If
we wants to guard against loading a file in an Emacs without support
for lexical-binding, an (assert (boundp 'lexical-binding)) at toplevel
should do the trick; a more general solution would be to add code to
the Emacs 23 lisp reader or byte compiler to reject files that specify

As far as editing itself is concerned, though, lexical-binding is
indeed a harmless variable in Emacs 23: inert, sure, but harmless.

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]