Re: Security flaw in enable-local-eval; new release plan
From: Thien-Thi Nguyen
Subject: Re: Security flaw in enable-local-eval; new release plan
Date: Mon, 13 Aug 2012 08:32:57 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
() Chong Yidong <address@hidden>
() Mon, 13 Aug 2012 11:10:57 +0800
    (let ((safe (or (hack-one-local-variable-eval-safep
                     (eval (quote val)))
                    ;; In case previously marked safe (bug#5636).
                    (safe-local-variable-p var val))))
      ;; If not safe and e-l-v = :safe, ignore totally.
      (when (or safe (not (eq enable-local-variables :safe)))
        (push elt all-vars)
        (or (eq enable-local-eval t)
            safe
            (push elt unsafe-vars))))
It seems control reaches ‘eval’ before reaching the ‘:safe’ check, thus
defeating the check. Am I missing something?
--
Thien-Thi Nguyen ..................................... GPG key: 4C807502
. NB: ttn at glug dot org is not me .
. (and has not been since 2007 or so) .
. ACCEPT NO SUBSTITUTES .
........... please send technical questions to mailing lists ...........