From mboxrd@z Thu Jan  1 00:00:00 1970
Path: main.gmane.org!not-for-mail
From: "Alfred M. Szmidt" <ams@kemisten.nu>
Newsgroups: gmane.emacs.bugs
Subject: Re: security problem in emacs
Date: Tue, 31 Dec 2002 16:14:08 +0100
Sender: bug-gnu-emacs-bounces+gnu-bug-gnu-emacs=m.gmane.org@gnu.org
Message-ID: <E18TO5o-000385-00@lgh163a.kemisten.nu>
References: <mailman.749.1041337086.19936.bug-gnu-emacs@gnu.org>
	<3E11ADF9.3070902@guninski.com>
NNTP-Posting-Host: main.gmane.org
X-Trace: main.gmane.org 1041348050 22985 80.91.224.249 (31 Dec 2002 15:20:50 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Tue, 31 Dec 2002 15:20:50 +0000 (UTC)
Cc: kai.grossjohann@uni-duisburg.de
Return-path: <bug-gnu-emacs-bounces+gnu-bug-gnu-emacs=m.gmane.org@gnu.org>
Original-Received: from monty-python.gnu.org ([199.232.76.173])
	by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 18TOCD-0005xw-00
	for <gnu-bug-gnu-emacs@m.gmane.org>; Tue, 31 Dec 2002 16:20:45 +0100
Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org)
	by monty-python.gnu.org with esmtp (Exim 4.10.13)
	id 18TO78-0002gU-0B
	for gnu-bug-gnu-emacs@m.gmane.org; Tue, 31 Dec 2002 10:15:30 -0500
Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13)
	id 18TO6p-0002Sk-00
	for bug-gnu-emacs@gnu.org; Tue, 31 Dec 2002 10:15:11 -0500
Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13)
	id 18TO6T-0001VU-00
	for bug-gnu-emacs@gnu.org; Tue, 31 Dec 2002 10:14:53 -0500
Original-Received: from mailhost.bonet.ac ([194.165.224.191])
	by monty-python.gnu.org with esmtp (Exim 4.10.13)
	id 18TO6O-0001Bh-00
	for bug-gnu-emacs@gnu.org; Tue, 31 Dec 2002 10:14:45 -0500
Original-Received: from lgh163a.kemisten.nu (lgh163a.kemisten.nu [212.32.172.173])
	by mailhost.bonet.ac (8.8.8/8.8.8) with ESMTP id QAA20070;
	Tue, 31 Dec 2002 16:14:08 +0100 (MET)
Original-Received: from ams by lgh163a.kemisten.nu with local (Exim 3.36 #1 (Debian))
	id 18TO5o-000385-00; Tue, 31 Dec 2002 16:14:08 +0100
Original-To: guninski@guninski.com
In-reply-to: <3E11ADF9.3070902@guninski.com> (message from Georgi Guninski on
	Tue, 31 Dec 2002 16:47:21 +0200)
Original-cc: bug-gnu-emacs@gnu.org
X-BeenThere: bug-gnu-emacs@gnu.org
X-Mailman-Version: 2.1b5
Precedence: list
List-Id: Bug reports for GNU Emacs, the Swiss army knife of text editors
 <bug-gnu-emacs.gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
List-Archive: <http://mail.gnu.org/pipermail/bug-gnu-emacs>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
Errors-To: bug-gnu-emacs-bounces+gnu-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: main.gmane.org gmane.emacs.bugs:4121
X-Report-Spam: http://spam.gmane.org/gmane.emacs.bugs:4121

   Is the new attached file also fixed?

Emacs CVS gives a warning about the code.

   I suggest you disable local variables by default - they are not
   portable and some people use emacs for examining untrusted log
   files or read mail.

Disabling local variables completely seems silly.  Making Emacs warn
the user when running local-hook's or eval's is a far better idea;
which is done in CVS.  Local variables are very useful.