Re: Unsafe file variables... - Richard Stallman

unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed

From: Richard Stallman <rms@gnu.org>
Cc: dak@gnu.org, emacs-devel@gnu.org
Subject: Re: Unsafe file variables...
Date: Mon, 05 Apr 2004 02:36:45 -0400	[thread overview]
Message-ID: <E1BANiv-0006U8-LQ@fencepost.gnu.org> (raw)
In-Reply-To: <87y8pbh5lk.fsf-monnier+emacs@alfajor.local> (message from Stefan Monnier on 04 Apr 2004 16:11:41 -0400)

    I think that using authentication for such problems is the wrong approach.
    We should check the safety of the code instead.

There is a package whose job is to check an expression for safety.
I installed it last year, but I don't recall the file name.

Of course, it is conservative--there are many programs which are
safe, but it can't tell, so it says "no".  That being so, I am not
sure whether this approach will do a good job in practice.

      But a good solution was proposed
    a while back here: add a customization variable that allows the user to
    specify a list of safe code which he's willing to eval in the future.

Perhaps the two features can be combined.
That package could treat anything it finds in that list as "safe".

next prev parent reply	other threads:[~2004-04-05  6:36 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-04-03 19:06 Unsafe file variables David Kastrup
2004-04-04 16:25 ` Richard Stallman
2004-04-04 20:04   ` Stefan Monnier
2004-04-04 20:11   ` Stefan Monnier
2004-04-04 20:28     ` David Kastrup
2004-04-04 20:49       ` Stefan Monnier
2004-04-05  2:14         ` David Kastrup
2004-04-05  3:13           ` Stefan Monnier
2004-04-05 10:34             ` David Kastrup
2004-04-05  6:36     ` Richard Stallman [this message]
2004-04-05 11:56       ` Kim F. Storm
2004-04-05 12:06       ` Kim F. Storm
2004-04-07  0:09         ` Richard Stallman
2004-04-07 17:37           ` Kevin Rodgers
2004-04-05  0:44 ` Kim F. Storm
2004-04-05  2:25   ` Kim F. Storm
2004-04-05  9:08     ` Eli Zaretskii
2004-04-05 12:08       ` Kim F. Storm

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E1BANiv-0006U8-LQ@fencepost.gnu.org \
    --to=rms@gnu.org \
    --cc=dak@gnu.org \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).