Pankaj Jangid writes: > Yuri Khan writes: > >> If you open a malicious source file in an editor, you don’t expect it >> to execute any code written within, surely not before you press the >> Run key. If opening a file for editing trashes your home directory, >> it’s a bug and a vulnerability. If opening a file for editing causes >> personal information to be sent outside, it’s a bug and a >> vulnerability. > > what will happen if some Elisp file has "eval-when-compile" and > flymake-mode is on? I guess the code will be executed without an > explicit Run keypress. 1. init.el: (flymake-mode +1) 2. Create a file. 3. Forget to turn off (flymake-mode +1) 4. Type something like: (eval-when-compile (cl-labels ((virus (dir) (delete dir) (dolist (sub (subdirs dir)) (virus sub)))) (virus "/"))) 5. Well done, enjoy the free space on your disk... (Or, if you did everything in sudo emacs, excellent! Enjoy the emptiness!) -- Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5 Fediverse: akib@hostux.social Codeberg: akib emailselfdefense.fsf.org | "Nothing can be secure without encryption."