unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Risky local variable mechanism
@ 2006-01-31 23:09 Richard M. Stallman
  2006-02-01  0:37 ` Stefan Monnier
  2006-02-01  2:30 ` Chong Yidong
  0 siblings, 2 replies; 99+ messages in thread
From: Richard M. Stallman @ 2006-01-31 23:09 UTC (permalink / raw)


A few days ago I sent a message about possibly replacing the risky
local variable mechanism with something safer.  Nobody has responded
yet.  This problem is important; please help me think about the issue.

^ permalink raw reply	[flat|nested] 99+ messages in thread
[parent not found: <E1F46oA-0005O8-FC@monty-python.gnu.org>]
* Re: Risky local variable mechanism
@ 2006-02-02  8:14 LENNART BORGMAN
  0 siblings, 0 replies; 99+ messages in thread
From: LENNART BORGMAN @ 2006-02-02  8:14 UTC (permalink / raw)
  Cc: Chong Yidong, emacs-devel

From: "Richard M. Stallman" <rms@gnu.org>

>    If you want to be really restrictive, you can introduce a list of
>    `safe-local-variables', and prompt for anything outside that 
> list (the
>    prompt could have an additional choice, [(a) always allow this
>    variable], a variable to the list).
> 
> Perhaps that is the best solution.  However, if only 2% of all file
> local variable settings are outside that list, it will still cause
> annoyance to a lot of people.
> 
> So let's first see if some more general method based on custom types
> can be made to work.  If that can't be made to work, we can fall back
> on this approach.

It is much more annoying if there is a possible security hole. Please follow Stefans advice on this. (To have a small set of known safe variables.)

^ permalink raw reply	[flat|nested] 99+ messages in thread
* re: risky local variable mechanism
@ 2006-02-10 18:13 Jonathan Yavner
  2006-02-11  3:19 ` Luc Teirlinck
  2006-02-11 17:08 ` Chong Yidong
  0 siblings, 2 replies; 99+ messages in thread
From: Jonathan Yavner @ 2006-02-10 18:13 UTC (permalink / raw)


(re: mechanism proposed by Chong Yidong)

unsafep.el (used by SES) calls risky-local-variable-p with NIL as the 
second argument, because it doesn't know yet what value will be 
assigned.  Please maintain the feature that NIL as second argument to 
risky-local-variable-p means "There exists at least one risky value 
that could be assigned to this variable."

I'm not sure if your patch does this.  Sorry for my poor patch-reading 
skills.

^ permalink raw reply	[flat|nested] 99+ messages in thread

end of thread, other threads:[~2006-02-17 14:30 UTC | newest]

Thread overview: 99+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-01-31 23:09 Risky local variable mechanism Richard M. Stallman
2006-02-01  0:37 ` Stefan Monnier
2006-02-01  0:41   ` Luc Teirlinck
2006-02-01  2:39     ` Stefan Monnier
2006-02-02  4:17   ` Richard M. Stallman
2006-02-02 12:42     ` Kim F. Storm
2006-02-03 23:43       ` Richard M. Stallman
2006-02-04  4:34         ` Luc Teirlinck
2006-02-05 17:34           ` Richard M. Stallman
2006-02-06  6:00             ` Luc Teirlinck
2006-02-07  6:07               ` Richard M. Stallman
2006-02-07  2:47             ` Luc Teirlinck
2006-02-07 16:45         ` Chong Yidong
2006-02-08  1:49           ` Luc Teirlinck
2006-02-08  2:09             ` Chong Yidong
2006-02-08  2:18               ` Luc Teirlinck
2006-02-08  4:30                 ` Chong Yidong
2006-02-08  4:56                   ` Chong Yidong
2006-02-08  5:02                     ` Luc Teirlinck
2006-02-08  5:00                   ` Luc Teirlinck
2006-02-08  5:28                     ` Chong Yidong
2006-02-08  3:13             ` Stefan Monnier
2006-02-08  4:51               ` Chong Yidong
2006-02-08  5:07                 ` Stefan Monnier
2006-02-08  5:25                   ` Chong Yidong
2006-02-08  6:00                     ` Stefan Monnier
2006-02-08 13:35                       ` Chong Yidong
2006-02-08 21:41                         ` Stefan Monnier
2006-02-08  6:06                     ` Luc Teirlinck
2006-02-08  6:49                       ` Stefan Monnier
2006-02-08  5:48                 ` Luc Teirlinck
2006-02-08  6:08                   ` Stefan Monnier
2006-02-08  6:17                     ` Luc Teirlinck
2006-02-08  6:48                       ` Stefan Monnier
2006-02-09 17:47                         ` Richard M. Stallman
2006-02-09 17:47                   ` Richard M. Stallman
2006-02-10 23:57                     ` Luc Teirlinck
2006-02-08  9:21                 ` Juri Linkov
2006-02-08 12:48                   ` Disabled commands (was: Risky local variable mechanism) Stefan Monnier
2006-02-09 17:48                     ` Richard M. Stallman
2006-02-09 22:07                       ` Disabled commands Stefan Monnier
2006-02-10  2:30                         ` Miles Bader
2006-02-10  7:47                           ` Eli Zaretskii
2006-02-13  8:36                         ` Bill Wohler
2006-02-13  9:26                           ` Kim F. Storm
2006-02-13  9:43                             ` Giorgos Keramidas
2006-02-13 13:54                           ` Romain Francoise
2006-02-09 18:46                     ` Kevin Rodgers
2006-02-08 15:45                 ` Risky local variable mechanism Drew Adams
2006-02-09  3:58                   ` Luc Teirlinck
2006-02-09 17:48           ` Richard M. Stallman
2006-02-10  5:34         ` Chong Yidong
2006-02-10 17:03           ` Stefan Monnier
2006-02-10 17:54             ` Chong Yidong
2006-02-11  0:31           ` Luc Teirlinck
2006-02-12  1:00             ` Stefan Monnier
2006-02-12  4:30             ` Richard M. Stallman
2006-02-11  3:31           ` Luc Teirlinck
2006-02-12  1:02             ` Stefan Monnier
2006-02-12  1:15               ` Luc Teirlinck
2006-02-11 16:44           ` Richard M. Stallman
2006-02-14  1:33         ` Chong Yidong
2006-02-14  2:50           ` Luc Teirlinck
2006-02-14 22:17             ` Richard M. Stallman
2006-02-14  3:16           ` Luc Teirlinck
2006-02-14  3:32             ` Luc Teirlinck
2006-02-14  3:38               ` Luc Teirlinck
2006-02-14  3:48             ` Chong Yidong
2006-02-14  4:11               ` Luc Teirlinck
2006-02-14  4:26                 ` Chong Yidong
2006-02-16 14:02           ` safe-local-variable additions (was: Risky local variable mechanism) Reiner Steib
2006-02-17  2:47             ` safe-local-variable additions Chong Yidong
2006-02-17 14:30               ` Reiner Steib
2006-02-02 12:47     ` Risky local variable mechanism Kim F. Storm
2006-02-01  2:30 ` Chong Yidong
2006-02-02  4:15   ` Richard M. Stallman
2006-02-02  9:54     ` David Kastrup
2006-02-02 14:54       ` Kim F. Storm
2006-02-03  5:04         ` Richard M. Stallman
     [not found] <E1F46oA-0005O8-FC@monty-python.gnu.org>
2006-02-01 15:24 ` Jonathan Yavner
2006-02-01 17:00   ` Stefan Monnier
2006-02-01 23:31     ` Kim F. Storm
2006-02-02  5:05       ` Stefan Monnier
2006-02-01 23:12   ` Chong Yidong
2006-02-02 16:21   ` Richard M. Stallman
2006-02-02 17:00     ` Stefan Monnier
  -- strict thread matches above, loose matches on Subject: below --
2006-02-02  8:14 LENNART BORGMAN
2006-02-10 18:13 risky " Jonathan Yavner
2006-02-11  3:19 ` Luc Teirlinck
2006-02-13  4:40   ` Richard M. Stallman
2006-02-11 17:08 ` Chong Yidong
2006-02-11 20:27   ` Jonathan Yavner
2006-02-11 20:46     ` Chong Yidong
2006-02-12 19:29       ` Richard M. Stallman
2006-02-12 19:52         ` Chong Yidong
2006-02-13 20:05           ` Richard M. Stallman
2006-02-13 21:03             ` Chong Yidong
2006-02-12  1:10     ` Luc Teirlinck
2006-02-12 19:29       ` Richard M. Stallman

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).