Precedence of criteria for file-local riskyness

unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed

* Precedence of criteria for file-local riskyness
@ 2020-06-02 15:35 Thibaut Verron
  0 siblings, 0 replies; only message in thread
From: Thibaut Verron @ 2020-06-02 15:35 UTC (permalink / raw)
  To: emacs-devel

[-- Attachment #1: Type: text/plain, Size: 1888 bytes --]

Hi,

According to the documentation, emacs considers that if a variable name
ends with -program, then it is probably risky.

I guess that it is a fair assumption in general.
However, it seems that this assumption is taken even if:
- the variable declaration has a non-nil :safe property
- the variable declaration has a nil :risky

Is there a good reason for this?

Naively, I would expect that if a variable can have some safe values, then
it is reasonable to give the user the choice to save other safe values (and
it can always be overridden with :risky t). And that if the package author
says that a variable is not risky, even with a suspicious name, then their
decision takes precedence.

It could also be useful if the reason why the variable is considered risky
(suspicious name, explicitly marked as such, predicate not matching) could
be added to the help message, for example so that users can make an
educated decision whether to bypass the security or not.

For the anecdote, in my specific use-case, all of this was even more
surprising because emacs was repeatedly querying me whether the default
value for the variable was safe. Of course adding an adequate :safe setting
fixed that, and this situation probably doesn't happen often enough to be
worth generalizing.

MWE: Consider the following code in a file:

    (defun my-var-program-pred (val)
      (memq val '("default value")))

    (defcustom my-var-program "default value"
      "Program to be launched to use magma (usually magma)."
      :type 'string
      :risky nil
      :safe 'my-var-program-pred)

    ;;;###autoload (put 'my-var-program 'safe-local-variable
'my-var-program-pred)

    ;; Local Variables:
    ;; my-var-program: "another value"
    ;; End:

Eval it with or without compiling, then revert the buffer and see that the
"always mark as safe" option is not proposed.

Best regards,
Thibaut

[-- Attachment #2: Type: text/html, Size: 2642 bytes --]

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2020-06-02 15:35 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-02 15:35 Precedence of criteria for file-local riskyness Thibaut Verron

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).