From: Chong Yidong <cyd@stupidchicken.com>
Cc: emacs-devel@gnu.org, monnier@iro.umontreal.ca,
	"Kim F. Storm" <storm@cua.dk>
Subject: Re: Risky local variable mechanism
Date: Tue, 07 Feb 2006 11:45:57 -0500
Message-ID: <87r76fkth6.fsf@stupidchicken.com>
In-Reply-To: <E1F5Aa8-0005pF-D7@fencepost.gnu.org> (Richard M. Stallman's message of "Fri, 03 Feb 2006 18:43:12 -0500")

"Richard M. Stallman" <rms@gnu.org> writes:

>     Why not make anything risky, except those explicit settings which
>     are recorded in safe-local-eval-forms (and add something similar
>     for variables), and then make it easier to update those lists
>     when user is queried to approve local variables/forms
>
> That could be a good approach.
>
> Would someone like to implement this?

How about this patch?  It implements a `safe-local-variables' custom
option.  If a variable is not in this list, the user is prompted
before it is set.  If the user agrees to set it, and the variable is
not explicitly marked as risky (as determined by the currently
existing `risky-local-variable-p' function), we ask if that variable
can be automatically set in the future.  If the user agrees to this
too, `safe-local-variables' is updated and saved to the custom-file.


*** emacs/lisp/files.el.~1.804.~	2006-02-06 23:43:16.000000000 -0500
--- emacs/lisp/files.el	2006-02-07 11:35:06.000000000 -0500
***************
*** 2393,2405 ****
        (run-hooks 'hack-local-variables-hook))
      mode-specified))
  
! (defvar ignored-local-variables ()
!   "Variables to be ignored in a file's local variable spec.")
  
  ;; Get confirmation before setting these variables as locals in a file.
  (put 'debugger 'risky-local-variable t)
  (put 'enable-local-eval 'risky-local-variable t)
  (put 'ignored-local-variables 'risky-local-variable t)
  (put 'eval 'risky-local-variable t)
  (put 'file-name-handler-alist 'risky-local-variable t)
  (put 'inhibit-quit 'risky-local-variable t)
--- 2393,2417 ----
        (run-hooks 'hack-local-variables-hook))
      mode-specified))
  
! (defcustom safe-local-variables
!   '(c-basic-offset c-indent-level compile-command fill-column
! fill-prefix indent-tabs-mode page-delimiter paragraph-separate
! sentence-end sentence-end-double-space tab-width version-control)
!   "Variables that are treated as safe."
!   :group 'find-file
!   :type  '(repeat symbol))
! 
! (defcustom ignored-local-variables
!   '(ignored-local-variables safe-local-variables)
!   "Variables to be ignored in a file's local variable spec."
!   :group 'find-file
!   :type  '(repeat symbol))
  
  ;; Get confirmation before setting these variables as locals in a file.
  (put 'debugger 'risky-local-variable t)
  (put 'enable-local-eval 'risky-local-variable t)
  (put 'ignored-local-variables 'risky-local-variable t)
+ (put 'safe-local-variables 'risky-local-variable t)
  (put 'eval 'risky-local-variable t)
  (put 'file-name-handler-alist 'risky-local-variable t)
  (put 'inhibit-quit 'risky-local-variable t)
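Review bot: In the new `ignored-local-variables` defcustom, the only thing that keeps a file from setting `safe-local-variables` or `ignored-local-variables` themselves is the default value '(ignored-local-variables safe-local-variables), and a user who customizes the option to some other list loses both entries. Once they are gone, both names fall through to the per-variable prompt added later in this patch, which still sets the variable if the user answers yes, even though both are marked `risky-local-variable`. Consider testing for these two symbols directly in the cond that consults `ignored-local-variables` instead of relying on the option's contents. The docstring of `safe-local-variables` should also say that a listed variable is set without a prompt, whatever its value.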
***************
*** 2451,2463 ****
  (put 'display-time-string 'risky-local-variable t)
  (put 'parse-time-rules 'risky-local-variable t)
  
- ;; This case is safe because the user gets to check it before it is used.
- (put 'compile-command 'safe-local-variable 'stringp)
- 
  (defun risky-local-variable-p (sym &optional val)
!   "Non-nil if SYM could be dangerous as a file-local variable with value VAL.
! If VAL is nil or omitted, the question is whether any value might be
! dangerous."
    ;; If this is an alias, check the base name.
    (condition-case nil
        (setq sym (indirect-variable sym))
--- 2463,2482 ----
  (put 'display-time-string 'risky-local-variable t)
  (put 'parse-time-rules 'risky-local-variable t)
  
  (defun risky-local-variable-p (sym &optional val)
!   "Non-nil if SYM is dangerous as a file-local variable with value VAL.
! A variable is dangerous if any of the following conditions are met:
! 
!  * Its `risky-local-variable' property is non-nil (regardless of VAL).
! 
!  * Its `safe-local-variable' property is unset, and its name ends with
!    \"hook(s)\", \"function(s)\", \"form(s)\", \"map\", \"program\",
!    \"command(s)\", \"predicate(s)\", \"frame-alist\", \"mode-alist\",
!    \"font-lock-keyword*\", \"font-lock-syntactic-keywords\", or
!    \"map-alist\" (regardless of VAL).
! 
!  * Its `safe-local-variable' property is a function that
!    evaluates to a non-nil value when given VAL as an argument."
    ;; If this is an alias, check the base name.
    (condition-case nil
        (setq sym (indirect-variable sym))
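Review bot: The third bullet of the new `risky-local-variable-p` docstring reads inverted: it says a variable is dangerous when its `safe-local-variable` function returns non-nil for VAL, while the removed (put 'compile-command 'safe-local-variable 'stringp) used that property to mark string values as acceptable. The function body is outside this hunk, so check it and reword the bullet to match what the code does. Removing that `put` also means `compile-command`, which this patch places in the default `safe-local-variables`, no longer has its value checked with `stringp`.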
***************
*** 2540,2562 ****
  	((memq var ignored-local-variables)
  	 nil)
  	;; "Setting" eval means either eval it or do nothing.
! 	;; Likewise for setting hook variables.
! 	((risky-local-variable-p var val)
! 	 ;; Permit evalling a put of a harmless property.
! 	 ;; if the args do nothing tricky.
! 	 (if (or (and (eq var 'eval)
! 		      (hack-one-local-variable-eval-safep val))
! 		 ;; Permit eval if not root and user says ok.
! 		 (and (not (zerop (user-uid)))
! 		      (hack-local-variables-confirm
! 		       "Process `eval' or hook local variables in %s? "
! 		       enable-local-eval)))
! 	     (if (eq var 'eval)
! 		 (save-excursion (eval val))
! 	       (make-local-variable var)
! 	       (set var val))
! 	   (message "Ignoring risky spec in the local variables list")))
! 	;; Ordinary variable, really set it.
  	(t (make-local-variable var)
  	   ;; Make sure the string has no text properties.
  	   ;; Some text properties can get evaluated in various ways,
--- 2559,2573 ----
  	((memq var ignored-local-variables)
  	 nil)
  	;; "Setting" eval means either eval it or do nothing.
! 	((eq var 'eval)
! 	 (if (hack-one-local-variable-eval-safep val)
! 	     (save-excursion (eval val))
! 	   (message "Ignoring eval spec in the local variables list")))
! 	;; Variables not explicitly marked as safe, ask first.
! 	((not (memq var safe-local-variables))
! 	 (unless (zerop (user-uid))
! 	   (hack-one-risky-local-variable var val)))
! 	;; Safe variable, really set it.
  	(t (make-local-variable var)
  	   ;; Make sure the string has no text properties.
  	   ;; Some text properties can get evaluated in various ways,
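Review bot: The rewritten `eval` branch no longer calls `hack-local-variables-confirm` with `enable-local-eval`, so a form rejected by `hack-one-local-variable-eval-safep` is now always ignored and the user's `enable-local-eval` setting has no effect here; if that is intended, it should be stated in the documentation of that option. In the following branch, (unless (zerop (user-uid)) ...) drops every variable outside `safe-local-variables` for root without any message, whereas the old code set ordinary variables and printed "Ignoring risky spec in the local variables list" for the rest; add a message so the skipped setting is visible.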
***************
*** 2565,2570 ****
--- 2576,2608 ----
  	       (set-text-properties 0 (length val) nil val))
  	   (set var val))))
  
+ (defun hack-one-risky-local-variable (var val)
+   "Set local variable VAR with value VAL if the user agrees.
+ If the user agrees to set the variable, and the variable is not
+ explicitly marked as risky (see `risky-local-variable-p'),
+ additionally ask if it can always be set automatically.
+ If so, add it to `safe-local-variables'."
+   (let ((risky (risky-local-variable-p var val)))
+     (if (y-or-n-p (format "Set variable %s in local variable list of %s? "
+ 			  (symbol-name var)
+ 			  (if buffer-file-name
+ 			      (file-name-nondirectory buffer-file-name)
+ 			    (concat "buffer " (buffer-name)))))
+ 	(progn 
+ 	  (when (and (not risky)
+ 		     (y-or-n-p (format "Always allow setting %s? "
+ 				       (symbol-name var))))
+ 	    (customize-save-variable
+ 	     'safe-local-variables 
+ 	     (add-to-list 'safe-local-variables var))
+ 	    (message
+ 	     "To undo this change, customize `safe-local-variables'."))
+ 	  (make-local-variable var)
+ 	  (set var val))
+       (unless risky
+ 	(message "To always ignore %s as a local variable, \
+ customize `ignored-local-variables'."
+ 		 (symbol-name var))))))
  \f
  (defcustom change-major-mode-with-file-name t
    "*Non-nil means \\[write-file] should set the major mode from the file name.

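Review bot: The first `y-or-n-p` prompt in `hack-one-risky-local-variable` names VAR and the file but never shows VAL, so the user approves a value they have not seen; include the value in the format string, for example with %S. The "Always allow setting %s?" answer then records only the symbol in `safe-local-variables`, so any later file can set that variable to any value without a prompt, and the docstring should say so. Style: the lines "(progn " and "'safe-local-variables " carry trailing whitespace.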