From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: Unsafe file variables... Date: Mon, 05 Apr 2004 02:36:45 -0400 Sender: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Message-ID: References: <87y8pbh5lk.fsf-monnier+emacs@alfajor.local> Reply-To: rms@gnu.org NNTP-Posting-Host: deer.gmane.org X-Trace: sea.gmane.org 1081147395 30071 80.91.224.253 (5 Apr 2004 06:43:15 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Mon, 5 Apr 2004 06:43:15 +0000 (UTC) Cc: dak@gnu.org, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Mon Apr 05 08:43:08 2004 Return-path: Original-Received: from quimby.gnus.org ([80.91.224.244]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1BANp6-0002rK-00 for ; Mon, 05 Apr 2004 08:43:08 +0200 Original-Received: from monty-python.gnu.org ([199.232.76.173]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1BANp6-0008U2-00 for ; Mon, 05 Apr 2004 08:43:08 +0200 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.30) id 1BANmA-0001CO-V1 for emacs-devel@quimby.gnus.org; Mon, 05 Apr 2004 02:40:06 -0400 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.30) id 1BANje-0008PY-2M for emacs-devel@gnu.org; Mon, 05 Apr 2004 02:37:30 -0400 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.30) id 1BANiy-0007vI-Mz for emacs-devel@gnu.org; Mon, 05 Apr 2004 02:37:20 -0400 Original-Received: from [199.232.76.164] (helo=fencepost.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.30) id 1BANix-0007uV-VQ for emacs-devel@gnu.org; Mon, 05 Apr 2004 02:36:47 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.24) id 1BANiv-0006U8-LQ; Mon, 05 Apr 2004 02:36:45 -0400 Original-To: Stefan Monnier In-reply-to: <87y8pbh5lk.fsf-monnier+emacs@alfajor.local> (message from Stefan Monnier on 04 Apr 2004 16:11:41 -0400) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:21272 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:21272 I think that using authentication for such problems is the wrong approach. We should check the safety of the code instead. There is a package whose job is to check an expression for safety. I installed it last year, but I don't recall the file name. Of course, it is conservative--there are many programs which are safe, but it can't tell, so it says "no". That being so, I am not sure whether this approach will do a good job in practice. But a good solution was proposed a while back here: add a customization variable that allows the user to specify a list of safe code which he's willing to eval in the future. Perhaps the two features can be combined. That package could treat anything it finds in that list as "safe".