From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: =?UTF-8?Q?Andreas_R=c3=b6hler?= <andreas.roehler@easy-emacs.de>
Newsgroups: gmane.emacs.help
Subject: Re: eval and security
Date: Mon, 24 Oct 2016 19:40:54 +0200
Message-ID: <9563de23-c531-a487-8f4e-924284d255b4@easy-emacs.de>
References: <d55be2b3-e2e5-f3a2-f712-13b58fd30e49@easy-emacs.de>
	<20161024123151.GB10964@tuxteam.de>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Trace: blaine.gmane.org 1477333775 17504 195.159.176.226 (24 Oct 2016 18:29:35 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Mon, 24 Oct 2016 18:29:35 +0000 (UTC)
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101
	Icedove/45.4.0
To: help-gnu-emacs@gnu.org
Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Mon Oct 24 20:29:30 2016
Return-path: <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geh-help-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>)
	id 1byjzp-0002fb-1p
	for geh-help-gnu-emacs@m.gmane.org; Mon, 24 Oct 2016 20:29:17 +0200
Original-Received: from localhost ([::1]:48797 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>)
	id 1byjzr-0003SH-7G
	for geh-help-gnu-emacs@m.gmane.org; Mon, 24 Oct 2016 14:29:19 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:38275)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andreas.roehler@easy-emacs.de>) id 1byj7Q-00054j-8z
	for help-gnu-emacs@gnu.org; Mon, 24 Oct 2016 13:33:05 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <andreas.roehler@easy-emacs.de>) id 1byj7M-0002F1-8o
	for help-gnu-emacs@gnu.org; Mon, 24 Oct 2016 13:33:04 -0400
Original-Received: from mout.kundenserver.de ([217.72.192.73]:52513)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <andreas.roehler@easy-emacs.de>)
	id 1byj7L-0002Eg-VT
	for help-gnu-emacs@gnu.org; Mon, 24 Oct 2016 13:33:00 -0400
Original-Received: from [192.168.178.35] ([77.12.57.15]) by mrelayeu.kundenserver.de
	(mreue104) with ESMTPSA (Nemesis) id 0MEn74-1c9Eqh264w-00G4Rf for
	<help-gnu-emacs@gnu.org>; Mon, 24 Oct 2016 19:32:57 +0200
In-Reply-To: <20161024123151.GB10964@tuxteam.de>
X-Provags-ID: V03:K0:ivKg8am4vcw4FDY59siNge2uQ+UiRT5M6/AsYnEALGi3NNfWJuD
	n9Tv/WsIle9V2J/qltSuOmelh+S9O+FcgLas1L3hGiewxpJIw3zgSxWWbN03IrgiINXX/F2
	yi4zNyf4IS6nB6qju3OboMXoEk7BRdc+y8BkycIus3KHN9e1ho5iCc0+mr7kj/PperMA21s
	fIXXWeWrEv4hpDmiY9iaw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:b5gGRGAxFCY=:+Om5kFKhXcvgT0QekMEwse
	BMQ4KxlrCZNg5hqNSQ9aWRWCmRPRaCyHWkpdJlq3OXQKrDpyElyEbYP74HER5YGU3uAYWVzoo
	EPLMoDy0zHn8WOAl01CAce4MC3LWNsVfrV8biYHE1uNzzXc2E51OOPLf5YOX3nJasZHZwQnPr
	KHdm1bRtPRgVCT4hRuM1w55K5S3ngPTzKRebleEp8VmYgXBzDfLJuQMulOxBFb5V0N5GeLOJO
	bZSkBW5y/BLyYG9dlLPWYY4uA6N2vItNd0OI4qfAKkp8yRl2NOgNn4/nLWEkdS2JHBtgysfNh
	CKPGvaamojcTPa/3nfanK5d94J7OR248wMkCyls1bWOTtbwR20Ecb6I1xVrTJncxlCJTuHRkZ
	PctEwn+bIR2Au3U16LYzKsE8Ga3nphmVhr4QGJOXJ2dVBOo+PRJ9R4zxhX82U/I6xkpKvNMJR
	aFh7wrom+cW20axXBzHiqHQcBmhPtqDsCGZXoyr8G1+GDexB1d3XjK2/6wo5rCy2LepqNBMIp
	wXdqNTl/9SJPaTOMe94/I4vOlA6vi2bTl0m3hl7CqOK1F17Ua+zk/Ct1UQXWUBGX8zURt8Fxl
	6uBOB2o41j/yhcmRivVMid+GHq7JbmW+T/lSLpb7Lmf0zXe1euUHMiBC7Iqi7pUWvRCHaXhD6
	NgRfD9y+ThTGI5+SOWy95x4kfm9OWA9oxvyMkFzwdmMEEPIAdqeo5my070Br/l9HjSnvF90hq
	4CC5A480PH11/aNo
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 217.72.192.73
X-BeenThere: help-gnu-emacs@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: Users list for the GNU Emacs text editor <help-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-gnu-emacs>,
	<mailto:help-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-gnu-emacs/>
List-Post: <mailto:help-gnu-emacs@gnu.org>
List-Help: <mailto:help-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-gnu-emacs>,
	<mailto:help-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "help-gnu-emacs"
	<help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.help:111610
Archived-At: <http://permalink.gmane.org/gmane.emacs.help/111610>



On 24.10.2016 14:31, tomas@tuxteam.de wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
>> Hi,
>>
>> remember a saying like "avoid calls like (eval 'my-symbol) in
>> lisp-code" as related to security issues.
>>
>> Is there some reading to learn more? Maybe I'm mistaking something?
> Perhaps because a randomly downloaded package can redefine 'my-symbol
> to be something evil?

Yes, that would be the problem. However, the way Emacs works, any symbol 
might be replaced by such a package, right?