[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Emacs-diffs] emacs-25 f006761: A bit more security doc, esp. file local
|
From: |
Paul Eggert |
|
Subject: |
[Emacs-diffs] emacs-25 f006761: A bit more security doc, esp. file local vars |
|
Date: |
Mon, 30 Nov 2015 16:57:26 +0000 |
branch: emacs-25
commit f0067611f158e424e19d4d9f7e0c43b559ae633d
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>
A bit more security doc, esp. file local vars
* doc/emacs/emacs.texi (Top):
* doc/emacs/misc.texi (Miscellaneous Commands):
Refer to new Host Security section.
(Host Security): New section.
* doc/lispref/os.texi (Security Considerations):
Mention file local variables.
---
doc/emacs/emacs.texi | 1 +
doc/emacs/misc.texi | 22 +++++++++++++++++++++-
doc/lispref/os.texi | 12 ++++++++++++
3 files changed, 34 insertions(+), 1 deletions(-)
diff --git a/doc/emacs/emacs.texi b/doc/emacs/emacs.texi
index 2877be9..d87e807 100644
--- a/doc/emacs/emacs.texi
+++ b/doc/emacs/emacs.texi
@@ -188,6 +188,7 @@ Advanced Features
* Sending Mail:: Sending mail in Emacs.
* Rmail:: Reading mail in Emacs.
* Gnus:: A flexible mail and news reader.
+* Host Security:: Security issues on a single computer.
* Network Security:: Managing the network security.
* Document View:: Viewing PDF, PS and DVI files.
* EWW:: A web browser in Emacs.
diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
index 7fad826..03e6613 100644
--- a/doc/emacs/misc.texi
+++ b/doc/emacs/misc.texi
@@ -6,7 +6,8 @@
@chapter Miscellaneous Commands
This chapter contains several brief topics that do not fit anywhere
-else: reading Usenet news, viewing PDFs and other such documents, web
+else: reading Usenet news, host and network security,
+viewing PDFs and other such documents, web
browsing, running shell commands and shell subprocesses, using a
single shared Emacs for utilities that expect to run an editor as a
subprocess, printing, sorting text, editing binary files, saving an
@@ -249,6 +250,25 @@ Search forward for articles containing a match for
@var{regexp}.
Exit the summary buffer and return to the group buffer.
@end table
address@hidden Host Security
address@hidden Host Security
address@hidden security
+
+Emacs runs inside an operating system such as GNU/Linux, and relies on
+the operating system to check security constraints such as accesses to
+files. The default settings for Emacs are designed for typical use;
+they may require some tailoring in environments where security is more
+of a concern, or less of a concern, than usual. For example,
+file-local variables can be risky, and you can set the variable
address@hidden to @code{:safe} or (even more
+conservatively) to @code{nil}; conversely, if your files can all be
+trusted and the default checking for these variables is irritating,
+you can set @code{enable-local-variables} to @code{:all}. @xref{Safe
+File Variables}.
+
address@hidden Considerations,,, elisp, The Emacs Lisp Reference
+Manual}, for more information about security considerations when using
+Emacs as part of a larger application.
@node Network Security
@section Network Security
diff --git a/doc/lispref/os.texi b/doc/lispref/os.texi
index f3c4e29..1e344c0 100644
--- a/doc/lispref/os.texi
+++ b/doc/lispref/os.texi
@@ -2919,6 +2919,18 @@ means complete; it is intended to give you an idea of
the security
issues involved, rather than to be a security checklist.
@table @asis
address@hidden File local variables
address@hidden file local variables
+A file that Emacs visits can contain variable settings that affects
+the buffer visiting that file; @xref{File Local Variables}.
+Similarly, a directory can specify local variable values common to all
+files in that directory; @xref{Directory Local Variables}. Although
+Emacs takes some effort to protect against misuse of these variables,
+a security hole can be created merely by a package setting
address@hidden too optimistically, a problem that is all
+too common. To disable this feature for both files and directories,
+set @code{enable-local-variables} to nil.
+
@item Access control
Although Emacs normally respects access permissions of the underlying
operating system, in some cases it handles accesses specially. For
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Emacs-diffs] emacs-25 f006761: A bit more security doc, esp. file local vars,
Paul Eggert <=