From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: cdelia@dc.uba.ar Newsgroups: gmane.emacs.devel Subject: mark .dir-locals.el buffer or file as safe instead of variables as safe Date: Tue, 26 Jun 2018 21:14:52 -0300 Message-ID: NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Trace: blaine.gmane.org 1530058364 14913 195.159.176.226 (27 Jun 2018 00:12:44 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 27 Jun 2018 00:12:44 +0000 (UTC) User-Agent: Roundcube Webmail/1.3.6 To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Jun 27 02:12:40 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fXy4a-0003kC-Tn for ged-emacs-devel@m.gmane.org; Wed, 27 Jun 2018 02:12:40 +0200 Original-Received: from localhost ([::1]:55894 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fXy6i-0004qs-A7 for ged-emacs-devel@m.gmane.org; Tue, 26 Jun 2018 20:14:48 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33035) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fXy6c-0004qk-7K for emacs-devel@gnu.org; Tue, 26 Jun 2018 20:14:43 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fXy6Y-00026u-VR for emacs-devel@gnu.org; Tue, 26 Jun 2018 20:14:42 -0400 Original-Received: from mta0.exactas.uba.ar ([157.92.32.130]:55763) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fXy6Y-00020e-GW for emacs-devel@gnu.org; Tue, 26 Jun 2018 20:14:38 -0400 Original-Received: from antispam0.exactas.uba.ar (antispam0 [172.20.0.135]) by mta0.exactas.uba.ar (Postfix) with ESMTP id 8299F405D1 for ; Tue, 26 Jun 2018 21:14:33 -0300 (-03) X-Virus-Scanned: Debian amavisd-new at antispam0.fcen.uba.ar Original-Received: from mta0.exactas.uba.ar ([172.20.0.130]) by antispam0.exactas.uba.ar (antispam0.exactas.uba.ar [172.20.0.135]) (amavisd-new, port 10024) with LMTP id CJ7A1_jc-72R for ; Tue, 26 Jun 2018 21:14:30 -0300 (ART) Original-Received: from webmail.dc.uba.ar (webmaildc.fcen.uba.ar [157.92.32.133]) (Authenticated sender: cdelia@dc.uba.ar) by mta0.exactas.uba.ar (Postfix) with ESMTPSA id 70CD540584 for ; Tue, 26 Jun 2018 21:14:30 -0300 (-03) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dc.uba.ar; s=dc201510; t=1530058470; bh=PcMgtMPzJpp3EvbFUdnxzcrSQd6/3m6c+lxokpqv2QI=; h=Date:From:To:Subject:From; b=IA+grgOkZsIM9h8Jzq+7V/dGOyVuGdhDs9+PaI7vQnh9uWs5XhwF445NN01hmz5aO ub4+OH+icY2tnjt+34VjltoGjLbrLwl4FJP4eqEnljMu7UdjrbygPQglhmnchH/AGk KYhAQEr0K9NaGRZOm7OnDLuxjMATop7zPgaMurpY= X-Sender: cdelia@dc.uba.ar X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 157.92.32.130 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:226753 Archived-At: Hi, new in town! I have a .dir-locals.el (with a bunch of 'eval') on my project and I was trying to get rid of the confirmation popups. Anyway, I'm not trying to get help, only presenting you the use case. reading through info manual I found that we can only mark *variables* as *safe* but not a particular *.dir-locals.el* to be secure. https://www.gnu.org/software/emacs/manual/html_node/emacs/Safe-File-Variables.html#Safe-File-Variables I'm trying to wrap my head around this, and I, in my *very* humble opinion, think, it's a bad design decision. and that's because: One just *do not trust variables*, only *those who modify it*. (1) Example: /path-to-my-trusted-land/some-project/.dir-locals.el ^ everything here should be legal, so why bother me with confirmation every time a open a file? /path-to-hell-and-deprived-sleep-nights/some-project/.dir-locals.el ^ everything here should be used *with caution*, and maybe some kind of Virgilio to get us out of hell. So, if a mark foo-variable, on trusted land to get rid of confirmation and just happen to open something on hell itself, by accident or glory, instead of a peak of dark magic knowledge I could let all hell break lose. Could this be a feature to be implemented? Should it be? I newer yet dwell through the deeps of emacs C source, but I can give it a try if it isn't a sacrilege or there is something obvious that I'm not seeing. (1) note that the inverse it's not necessary true: it's perfectly fine to mark variables as insecure. Anyway, I'm not against the _possibility_ to mark variables as safe, I'm against the lack of a direct method to mark a buffer or a file that modify them, to be secure.