From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Chong Yidong Newsgroups: gmane.emacs.devel Subject: Re: risky local variable mechanism Date: Sun, 12 Feb 2006 14:52:45 -0500 Message-ID: <87vevkmk1e.fsf@stupidchicken.com> References: <200602101313.13663.jyavner@member.fsf.org> <87accxlt6z.fsf@stupidchicken.com> <200602111527.31031.jyavner@member.fsf.org> <87hd757he0.fsf@stupidchicken.com> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1139774188 1169 80.91.229.2 (12 Feb 2006 19:56:28 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sun, 12 Feb 2006 19:56:28 +0000 (UTC) Cc: jyavner@member.fsf.org, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Feb 12 20:56:26 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1F8NKP-0007qW-Pz for ged-emacs-devel@m.gmane.org; Sun, 12 Feb 2006 20:56:14 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F8NKL-00053v-7i for ged-emacs-devel@m.gmane.org; Sun, 12 Feb 2006 14:56:09 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1F8NHE-0003y9-HK for emacs-devel@gnu.org; Sun, 12 Feb 2006 14:52:57 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1F8NHA-0003wU-33 for emacs-devel@gnu.org; Sun, 12 Feb 2006 14:52:55 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F8NH9-0003w0-8k for emacs-devel@gnu.org; Sun, 12 Feb 2006 14:52:51 -0500 Original-Received: from [18.95.6.197] (helo=localhost.localdomain) by monty-python.gnu.org with esmtp (Exim 4.52) id 1F8NLM-0000c4-QD; Sun, 12 Feb 2006 14:57:12 -0500 Original-Received: by localhost.localdomain (Postfix, from userid 1000) id 8CACD1E41A4; Sun, 12 Feb 2006 14:52:45 -0500 (EST) Original-To: rms@gnu.org In-Reply-To: (Richard M. Stallman's message of "Sun, 12 Feb 2006 14:29:28 -0500") User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:50421 Archived-At: "Richard M. Stallman" writes: > It's unlikely that making the file local variable mechanism stricter, > while keeping unsafep.el the same, will open up new security holes > that didn't already exist. Anyway, it is pretty easy to change > unsafep.el to reflect the changes to files.el. > > Could you take a look at doing that? It may not be quite trivial. > In particular, the fact that unsafep checks for functions > could make some things safe, which otherwise would not be. The relevant part is the function `unsafep-variable', which can be adapted easily. The other things that unsafep.el checks are not related to file variables. *** emacs/lisp/emacs-lisp/unsafep.el.~1.10.~ 2006-02-06 23:43:22.000000000 -0500 --- emacs/lisp/emacs-lisp/unsafep.el 2006-02-11 12:16:17.000000000 -0500 *************** *** 255,261 **** (cond ((not (symbolp sym)) `(variable ,sym)) ! ((risky-local-variable-p sym nil) `(risky-local-variable ,sym)) ((not (or global-okay (memq sym unsafep-vars) --- 255,262 ---- (cond ((not (symbolp sym)) `(variable ,sym)) ! ((and (risky-local-variable-p sym) ! (not (safe-local-variable-p sym val))) `(risky-local-variable ,sym)) ((not (or global-okay (memq sym unsafep-vars)