From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Glenn Morris Newsgroups: gmane.emacs.devel Subject: Re: [Emacs-diffs] /srv/bzr/emacs/emacs-24 r108098: * admin/bzrmerge.el (bzrmerge-resolve): Disable local eval:. Date: Fri, 10 Aug 2012 16:42:16 -0400 Message-ID: <1uje1ntj.fsf@fencepost.gnu.org> References: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1344631355 6490 80.91.229.3 (10 Aug 2012 20:42:35 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Fri, 10 Aug 2012 20:42:35 +0000 (UTC) Cc: emacs-devel@gnu.org To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Aug 10 22:42:32 2012 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Szw2I-0004Ay-B2 for ged-emacs-devel@m.gmane.org; Fri, 10 Aug 2012 22:42:22 +0200 Original-Received: from localhost ([::1]:36497 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Szw2H-0004Iz-IK for ged-emacs-devel@m.gmane.org; Fri, 10 Aug 2012 16:42:21 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:33235) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Szw2E-0004Iu-GZ for emacs-devel@gnu.org; Fri, 10 Aug 2012 16:42:20 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Szw2D-00071r-M5 for emacs-devel@gnu.org; Fri, 10 Aug 2012 16:42:18 -0400 Original-Received: from fencepost.gnu.org ([208.118.235.10]:39768) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Szw2D-00071m-J4 for emacs-devel@gnu.org; Fri, 10 Aug 2012 16:42:17 -0400 Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1Szw2C-00083t-W6; Fri, 10 Aug 2012 16:42:17 -0400 X-Spook: Al-Qaeda Aladdin halcon domestic disruption MP5K-SD SP4 X-Ran: m5->\PyyUif0H:-X7oVDAvcB^h@OobMv*)tsBS]?"b"*{m).MqbYR+#MREBE=gxX-i1tPs X-Hue: yellow X-Attribution: GM In-Reply-To: (Stefan Monnier's message of "Fri, 10 Aug 2012 16:29:56 -0400") User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 208.118.235.10 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:152420 Archived-At: Stefan Monnier wrote: > I had the impression that it only affects unusual configurations. Non-default configs; don't know if I would say "unusual". (setq enable-local-variables :safe) is all you need. There were a few places in Emacs that use that setting (without setting enable-local-eval to nil). I don't think any of them were obviously exploitable though. The autoloads one is in theory: mkdir /tmp/foo cd /tmp/foo cat < foo.el (setq foo t) ;; Local Variables: ;; eval: (shell-command "touch /tmp/OHDEAR") ;; End: EOF rm -f /tmp/OHDEAR emacs-24.1 -Q -l autoload \ --eval "(setq generated-autoload-file \"$PWD/loaddefs.el\")" \ --batch -f batch-update-autoloads . ls /tmp/OHDEAR But I suppose no-one creates autoloads without also byte-compiling, which could already eval arbitrary code. But there could be some third-party code that binds enable-local-variables to :safe around some operation, intending to make things safer for the user, but actually doing the opposite.