Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emac

From:	Jim Porter
Subject:	Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Date:	Wed, 8 Mar 2023 09:03:30 -0800

On 3/8/2023 6:17 AM, Eli Zaretskii wrote:

From: Robert Pluim <rpluim@gmail.com>
Cc: Po Lu <luangruo@yahoo.com>,  emacs-devel@gnu.org
Date: Wed, 08 Mar 2023 12:47:19 +0100

We can then add `--funcall' to emacs-30, and revisit this there.


Fair warning: I will object to adding --funcall just for this niche
problem.  We didn't reach an agreement about --funcall at the time,
and for good reasons; this particular use case does absolutely nothing
to change the outcome of that discussion.

In bug#57752, we'd discussed adding --apply to emacs and emacsclient,which might work better for this case, as well as to make other similarcases easier: Org mode uses some pretty extensive hacks in order to getorg-protocol:// URLs working in emacsclient, and eliminating that wouldbe very nice.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop, (continued)

Prev by Date: Re: Android port
Next by Date: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Previous by thread: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Next by thread: Re: emacs-29 3c1693d08b0: Fix Elisp code injection vulnerability in emacsclient-mail.desktop
Index(es):
- Date
- Thread