* bug#74627: .dir-locals.el warning messages are confusing
@ 2024-11-30 17:20 Björn Lindqvist
2024-12-05 9:38 ` Eli Zaretskii
0 siblings, 1 reply; 7+ messages in thread
From: Björn Lindqvist @ 2024-11-30 17:20 UTC (permalink / raw)
To: 74627
Warnings about potential security issues should be easy to understand,
but the warnings produced by .dir-locals.el are not. When I open a
file in the Emacs source code it shows:
The local variables list in /home/bjourne/p/emacs/
or .dir-locals.el contains values that may not be safe (*).
Why does it say "or"? What does the asterisk (*) mean? Could the
descriptions for "!" and "i" be clearer so it is more obvious what is
applied and what is ignored?
--
mvh/best regards Björn Lindqvist
^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#74627: .dir-locals.el warning messages are confusing
2024-11-30 17:20 bug#74627: .dir-locals.el warning messages are confusing Björn Lindqvist
@ 2024-12-05 9:38 ` Eli Zaretskii
2024-12-11 8:18 ` Björn Lindqvist
0 siblings, 1 reply; 7+ messages in thread
From: Eli Zaretskii @ 2024-12-05 9:38 UTC (permalink / raw)
To: Björn Lindqvist, Stefan Monnier; +Cc: 74627
> From: Björn Lindqvist <bjourne@gmail.com>
> Date: Sat, 30 Nov 2024 18:20:35 +0100
>
> Warnings about potential security issues should be easy to understand,
> but the warnings produced by .dir-locals.el are not. When I open a
> file in the Emacs source code it shows:
>
> The local variables list in /home/bjourne/p/emacs/
> or .dir-locals.el contains values that may not be safe (*).
>
> Why does it say "or"?
Because that function is called with a single flag argument which
could be set non-nil either due to unsafe file-local variables or due
to .dir-locals.el.
> What does the asterisk (*) mean?
It means the variables marked with the asterisk in the list of
below this text could be unsafe.
> Could the descriptions for "!" and "i" be clearer so it is more
> obvious what is applied and what is ignored?
Please tell what is unclear there. The current text is
! -- to apply the local variables list, and permanently mark these
values (*) as safe (in the future, they will be set automatically.)
i -- to ignore the local variables list, and permanently mark these
values (*) as ignored"
^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#74627: .dir-locals.el warning messages are confusing
2024-12-05 9:38 ` Eli Zaretskii
@ 2024-12-11 8:18 ` Björn Lindqvist
2024-12-11 11:16 ` Stefan Kangas
2024-12-11 15:00 ` Eli Zaretskii
0 siblings, 2 replies; 7+ messages in thread
From: Björn Lindqvist @ 2024-12-11 8:18 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: Stefan Monnier, 74627
Hello Eli,
Den tors 5 dec. 2024 kl 10:38 skrev Eli Zaretskii <eliz@gnu.org>:
> > Warnings about potential security issues should be easy to understand,
> > but the warnings produced by .dir-locals.el are not. When I open a
> > file in the Emacs source code it shows:
> >
> > The local variables list in /home/bjourne/p/emacs/
> > or .dir-locals.el contains values that may not be safe (*).
> >
> > Why does it say "or"?
>
> Because that function is called with a single flag argument which
> could be set non-nil either due to unsafe file-local variables or due
> to .dir-locals.el.
So there are multiple sources of unsafe variables, but the function
responsible for formulating the error message doesn't know what the
source is? Regardless of whether my guess is correct, the text should
not refer to the local variables in "/home/bjourne/p/emacs/" because
there can be no unsafe variables in directories (only files).
> > What does the asterisk (*) mean?
>
> It means the variables marked with the asterisk in the list of
> below this text could be unsafe.
Aha. Emacs lists both safe and unsafe variables. Why does it list the
safe ones? The warning would be much clearer if the safe variables
were omitted since they don't matter. That would make it clear what
variables "!" and "i" choices apply or mark as safe/ignored.
--
mvh/best regards Björn Lindqvist
^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#74627: .dir-locals.el warning messages are confusing
2024-12-11 8:18 ` Björn Lindqvist
@ 2024-12-11 11:16 ` Stefan Kangas
2024-12-11 15:00 ` Eli Zaretskii
1 sibling, 0 replies; 7+ messages in thread
From: Stefan Kangas @ 2024-12-11 11:16 UTC (permalink / raw)
To: Björn Lindqvist, Eli Zaretskii; +Cc: Stefan Monnier, 74627
Björn Lindqvist <bjourne@gmail.com> writes:
> Aha. Emacs lists both safe and unsafe variables. Why does it list the
> safe ones? The warning would be much clearer if the safe variables
> were omitted since they don't matter. That would make it clear what
> variables "!" and "i" choices apply or mark as safe/ignored.
You have to see all of them to make an informed decision, I think.
Otherwise, an unsafe variable might be referring to a safe one, which is
the one containing the malicious bits.
^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#74627: .dir-locals.el warning messages are confusing
2024-12-11 8:18 ` Björn Lindqvist
2024-12-11 11:16 ` Stefan Kangas
@ 2024-12-11 15:00 ` Eli Zaretskii
2024-12-11 15:31 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
1 sibling, 1 reply; 7+ messages in thread
From: Eli Zaretskii @ 2024-12-11 15:00 UTC (permalink / raw)
To: Björn Lindqvist; +Cc: monnier, 74627
> From: Björn Lindqvist <bjourne@gmail.com>
> Date: Wed, 11 Dec 2024 09:18:33 +0100
> Cc: Stefan Monnier <monnier@iro.umontreal.ca>, 74627@debbugs.gnu.org
>
> Den tors 5 dec. 2024 kl 10:38 skrev Eli Zaretskii <eliz@gnu.org>:
>
> > > Warnings about potential security issues should be easy to understand,
> > > but the warnings produced by .dir-locals.el are not. When I open a
> > > file in the Emacs source code it shows:
> > >
> > > The local variables list in /home/bjourne/p/emacs/
> > > or .dir-locals.el contains values that may not be safe (*).
> > >
> > > Why does it say "or"?
> >
> > Because that function is called with a single flag argument which
> > could be set non-nil either due to unsafe file-local variables or due
> > to .dir-locals.el.
>
> So there are multiple sources of unsafe variables, but the function
> responsible for formulating the error message doesn't know what the
> source is?
Yes, that's my reading of the code.
> Regardless of whether my guess is correct, the text should
> not refer to the local variables in "/home/bjourne/p/emacs/" because
> there can be no unsafe variables in directories (only files).
Well, we consider variables in .dir-locals.el as belonging to the
directory in which it lives.
> > > What does the asterisk (*) mean?
> >
> > It means the variables marked with the asterisk in the list of
> > below this text could be unsafe.
>
> Aha. Emacs lists both safe and unsafe variables. Why does it list the
> safe ones? The warning would be much clearer if the safe variables
> were omitted since they don't matter. That would make it clear what
> variables "!" and "i" choices apply or mark as safe/ignored.
I can only guess: showing all of them lets you see the problematic one
in context.
^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#74627: .dir-locals.el warning messages are confusing
2024-12-11 15:00 ` Eli Zaretskii
@ 2024-12-11 15:31 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-11 16:55 ` Eli Zaretskii
0 siblings, 1 reply; 7+ messages in thread
From: Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-12-11 15:31 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: Björn Lindqvist, 74627
>> Regardless of whether my guess is correct, the text should
>> not refer to the local variables in "/home/bjourne/p/emacs/" because
>> there can be no unsafe variables in directories (only files).
> Well, we consider variables in .dir-locals.el as belonging to the
> directory in which it lives.
I think it would be easier to understand for the reader if we can point
more precisely to the source (especially since now it can also come
from `.editorconfig`).
Stefan
^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#74627: .dir-locals.el warning messages are confusing
2024-12-11 15:31 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
@ 2024-12-11 16:55 ` Eli Zaretskii
0 siblings, 0 replies; 7+ messages in thread
From: Eli Zaretskii @ 2024-12-11 16:55 UTC (permalink / raw)
To: Stefan Monnier; +Cc: bjourne, 74627
> From: Stefan Monnier <monnier@iro.umontreal.ca>
> Cc: Björn Lindqvist <bjourne@gmail.com>,
> 74627@debbugs.gnu.org
> Date: Wed, 11 Dec 2024 10:31:03 -0500
>
> >> Regardless of whether my guess is correct, the text should
> >> not refer to the local variables in "/home/bjourne/p/emacs/" because
> >> there can be no unsafe variables in directories (only files).
> > Well, we consider variables in .dir-locals.el as belonging to the
> > directory in which it lives.
>
> I think it would be easier to understand for the reader if we can point
> more precisely to the source (especially since now it can also come
> from `.editorconfig`).
Sure, but that's not what I meant to explain.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2024-12-11 16:55 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-11-30 17:20 bug#74627: .dir-locals.el warning messages are confusing Björn Lindqvist
2024-12-05 9:38 ` Eli Zaretskii
2024-12-11 8:18 ` Björn Lindqvist
2024-12-11 11:16 ` Stefan Kangas
2024-12-11 15:00 ` Eli Zaretskii
2024-12-11 15:31 ` Stefan Monnier via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-12-11 16:55 ` Eli Zaretskii
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).