From mboxrd@z Thu Jan 1 00:00:00 1970
From: Georgi Guninski
Newsgroups: gmane.emacs.bugs
Subject: Re: security problem in emacs
Date: Tue, 31 Dec 2002 17:42:59 +0200
Message-ID: <3E11BB03.8080009@guninski.com>
References: <3E11ADF9.3070902@guninski.com>
Reply-To: guninski@guninski.com
Original-To: "Alfred M. Szmidt"
Cc: kai.grossjohann@uni-duisburg.de
Original-cc: bug-gnu-emacs@gnu.org

Alfred M. Szmidt wrote:
> Is the new attached file also fixed?
>
> Emacs CVS gives a warning about the code.

So since emacs CVS fixes at least 2 security bugs you may think about releasing a new version or at least patches.

> I suggest you disable local variables by default - they are not
> portable and some people use emacs for examining untrusted log
> files or read mail.
>
> Disabling local variables completely seems silly. Making Emacs warn
> the user when running local-hook's or eval's is a far better idea;
> which is done in CVS. Local variables are very useful.
>

I continue to disagree that local variables on by default is a good idea, but am tired of arguing about it. So here are some last arguments:

1. I found 2 security bugs in the release version of emacs in less than a week. How many do you think are left? Of course the idea of warning about eval or hooks seems good, but covering all cases of non-obvious evals in a large project is a difficult task.

2. Lusers like micro$oft thought in the beginning that scripting in email/word is a good idea and it is sandboxed. Now it is off by default in their email products. Think about it.

3. Local variables are not portable across editors, which makes them almost useless, unless every document has all the versions of local variables for every editor.

georgi
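
The thread turns on files that carry `eval` or hook settings in their local variables. As an added example (not part of the original message and not Emacs code), this sketch pre-screens an untrusted file for such entries before it is opened. It assumes the documented file-local syntax (a first-line `-*- ... -*-` cookie, and a `Local Variables:` ... `End:` list starting within the last 3000 characters); the suffix list and all function names are this example's own simplified heuristic.

```python
import re

TAIL_CHARS = 3000  # the trailing list must start within the last 3000 characters
RISKY_SUFFIXES = ("-hook", "-hooks", "-function", "-functions")  # example heuristic

def _header_entries(text):
    """Entries from a '-*- var: value; ... -*-' cookie on line 1 (line 2 after '#!')."""
    first = text.splitlines()[:2]
    if first and not first[0].startswith("#!"):
        first = first[:1]
    m = re.search(r"-\*-(.*?)-\*-", "\n".join(first))
    parts = m.group(1).split(";") if m else []
    return [tuple(s.strip() for s in p.split(":", 1)) for p in parts if ":" in p]

def _trailer_entries(text):
    """Entries from a trailing 'Local Variables:' ... 'End:' list, honouring
    the comment prefix and suffix taken from the 'Local Variables:' line."""
    lines = text[-TAIL_CHARS:].splitlines()
    out = []
    for i, line in enumerate(lines):
        m = re.match(r"(.*?)Local Variables:(.*)$", line, re.IGNORECASE)
        if m:
            prefix, suffix = m.group(1), m.group(2).strip()
            for body in lines[i + 1:]:
                if not body.startswith(prefix):
                    break
                body = body[len(prefix):].strip()
                body = body[:-len(suffix)] if suffix and body.endswith(suffix) else body
                name, sep, value = body.partition(":")
                if not sep or name.strip().lower() == "end":
                    break
                out.append((name.strip(), value.strip()))
            break
    return out

def risky_entries(text):
    """Return (source, name, value) for eval entries and hook/function variables."""
    sources = (("header", _header_entries(text)), ("trailer", _trailer_entries(text)))
    return [(src, name, value) for src, entries in sources for name, value in entries
            if name.lower() == "eval" or name.lower().endswith(RISKY_SUFFIXES)]

SAMPLE_LOG = (  # constructed sample, not taken from the original message
    "# -*- mode: text; fill-column: 72 -*-\n"
    "Dec 31 17:42:59 host sshd[101]: session opened\n"
    "# Local Variables:\n"
    '# eval: (message "hello from a log file")\n'
    "# before-save-hook: (delete-trailing-whitespace)\n"
    "# End:\n"
)
```

A non-empty result from `risky_entries` is a reason to view the file with local variables disabled; an empty result does not show the file is safe, since this heuristic covers only the explicit `eval` and hook-style cases.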