[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Avoiding arbitrary code execution with macroexpansion
From: |
Richard Stallman |
Subject: |
Re: Avoiding arbitrary code execution with macroexpansion |
Date: |
Sun, 19 Aug 2018 23:04:26 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> Using a macro that calls eval, such as eval-when-compile,
> eval-and-compile, c-lang-defconst-eval-immediately (undoubtedly others
> too), means anything can happen at macroexpansion time.
Can we make macroexpand detect these cases and give an error?
It would have to do a codewalk on the macro definition,
but that is doable.
Perhaps doing an flet of eval and apply would work.
--
Dr Richard Stallman
President, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)