[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Emacs-diffs] scratch/allow-custom-load-paths-in-elisp-flymake 4ef97

From: João Távora
Subject: Re: [Emacs-diffs] scratch/allow-custom-load-paths-in-elisp-flymake 4ef9711: Allow custom load paths in elisp's byte-compilation Flymake
Date: Wed, 5 Dec 2018 20:40:07 +0000

On Wed, Dec 5, 2018, 20:00 Glenn Morris <address@hidden wrote:

>> +(put 'elisp-flymake-byte-compile-load-path 'safe-local-variable
>> +     (lambda (x) (and (listp x) (catch 'tag
>> +                                  (dolist (path x t) (unless (stringp path)
>> +                                                       (throw 'tag nil)))))))

AFAICS the above tests whether the value is valid, not whether it is safe.
This should probably be a risky-local-variable, like load-path is.
The default "." seems actively dangerous, in much the same way as having
"." in a shell's PATH is.


I'm aware of the difference between valid and safe. One of us is missing something:

1. The new variable I introduce only has any effect when flymake-mode is enabled in elisp buffers.
2. Currently, flymake-mode is pretty unsafe since it byte-compiles the file which can run arbitrary compile-time code in that file.
3. It doesn't make sense for an attacker to use the new variable as a file-local var since it's much easier to add some eval-when-compile instead to the file itself. 
4. The only attack I could envision is to set the var in 
dir-locals.el, assuming the attacker had access to that file and not the other .el files that live in that directory.

As i tried to explain, I added the validity spec to the variable, precisely because I thought 4 was pretty far-fetched, and couldn't find any other plausible scenario. Can you?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]