From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.devel Subject: Re: Risky local variable mechanism Date: Thu, 02 Feb 2006 12:00:02 -0500 Message-ID: <87zml9ofzf.fsf-monnier+emacs@gnu.org> References: <200602011024.29973.jyavner@member.fsf.org> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1138908245 17895 80.91.229.2 (2 Feb 2006 19:24:05 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 2 Feb 2006 19:24:05 +0000 (UTC) Cc: Jonathan Yavner , emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Feb 02 20:24:01 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1F4k3Q-0008OC-UM for ged-emacs-devel@m.gmane.org; Thu, 02 Feb 2006 20:23:41 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F4k6Y-0000QA-P3 for ged-emacs-devel@m.gmane.org; Thu, 02 Feb 2006 14:26:54 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1F4iAB-0004ro-TR for emacs-devel@gnu.org; Thu, 02 Feb 2006 12:22:32 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1F4i12-00014H-L8 for emacs-devel@gnu.org; Thu, 02 Feb 2006 12:13:07 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F4hrf-0005cx-1n for emacs-devel@gnu.org; Thu, 02 Feb 2006 12:03:27 -0500 Original-Received: from [209.226.175.4] (helo=tomts16-srv.bellnexxia.net) by monty-python.gnu.org with esmtp (Exim 4.52) id 1F4hqT-0003Ml-0l; Thu, 02 Feb 2006 12:02:09 -0500 Original-Received: from alfajor ([67.71.26.32]) by tomts16-srv.bellnexxia.net (InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP id <20060202170004.MTVQ9608.tomts16-srv.bellnexxia.net@alfajor>; Thu, 2 Feb 2006 12:00:04 -0500 Original-Received: by alfajor (Postfix, from userid 1000) id F05B8D736C; Thu, 2 Feb 2006 12:00:02 -0500 (EST) Original-To: rms@gnu.org In-Reply-To: (Richard M. Stallman's message of "Thu, 02 Feb 2006 11:21:27 -0500") User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:49933 Archived-At: > I am not sure binding sendmail-program is unsafe. > It will generally have no effect if you bind it locally > in a buffer that isn't a mail buffer. But looking at the more > general issue of binding variables that specify programs to run, > I am not sure how much of a security issue that is, > other than for root. It can only run programs that exist. > Even if you could set sendmail-program globally in Emacs, > could you actually find a value that would predictably do harm? It mostly depends on whether or not the string represent the filename of a program or the beginning of a shell command (i.e. can it include arguments?). "Interesting" commands can be "rm" (of course), "echo foobar ~/.ssh/authorized_keys", ... Stefan