From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Michael Schierl Newsgroups: gmane.emacs.bugs Subject: Re: HOW CAN I STOP THIS NOVICE MODE STUFF? Date: Tue, 25 Dec 2007 23:32:41 +0100 Message-ID: References: <476ED79F.1000306@gmail.com> <477141A3.7030808@gmail.com> Reply-To: schierlm@gmx.de NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1198622003 24991 80.91.229.12 (25 Dec 2007 22:33:23 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 25 Dec 2007 22:33:23 +0000 (UTC) To: bug-gnu-emacs@gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Dec 25 23:33:35 2007 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1J7IL8-0007ph-BI for geb-bug-gnu-emacs@m.gmane.org; Tue, 25 Dec 2007 23:33:34 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1J7IKn-0001TK-NJ for geb-bug-gnu-emacs@m.gmane.org; Tue, 25 Dec 2007 17:33:13 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1J7IKh-0001Pv-LG for bug-gnu-emacs@gnu.org; Tue, 25 Dec 2007 17:33:07 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1J7IKf-0001Pb-5F for bug-gnu-emacs@gnu.org; Tue, 25 Dec 2007 17:33:07 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1J7IKe-0001PI-TT for bug-gnu-emacs@gnu.org; Tue, 25 Dec 2007 17:33:04 -0500 Original-Received: from main.gmane.org ([80.91.229.2] helo=ciao.gmane.org) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1J7IKe-000213-Fe for bug-gnu-emacs@gnu.org; Tue, 25 Dec 2007 17:33:04 -0500 Original-Received: from list by ciao.gmane.org with local (Exim 4.43) id 1J7IKV-0003R3-H2 for bug-gnu-emacs@gnu.org; Tue, 25 Dec 2007 22:32:55 +0000 Original-Received: from p549bb547.dip0.t-ipconnect.de ([84.155.181.71]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 25 Dec 2007 22:32:55 +0000 Original-Received: from schierlm by p549bb547.dip0.t-ipconnect.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 25 Dec 2007 22:32:55 +0000 X-Injected-Via-Gmane: http://gmane.org/ Original-Lines: 56 Original-X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: p549bb547.dip0.t-ipconnect.de User-Agent: 40tude_Dialog/2.0.14.1 X-detected-kernel: by monty-python.gnu.org: Linux 2.6, seldom 2.4 (older, 4) X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:17238 Archived-At: On Tue, 25 Dec 2007 09:45:07 -0800, Bruce Korb wrote: > "anyone", I would hope :). Perhaps I was mistaken. I thought > these incantations were constrained to setting buffer local > variable values. Even if they were: there are some buffer-local variables (for syntax highlighting for example) whose subexpressions are evaluated. And, there are local hook variables which contain Lisp code as well. So, even if enable-local-eval is disabled (as it is by default), you could use "backdoors" to introduce your own Lisp code by setting the right local variables. Therefore, every local variable that is not marked as safe-local-variable (by the packages that declares it) will cause an "annoying" warning (which gives you an option to ignore it the next time). On the other hand, a variable is marked as risky-local-variable, the option ! -- to apply the local variables list, and permanently mark these values (*) as safe (in the future, they will be set automatically.) will not show up, so you will be asked over and over. So, to avoid these messages, the best way IMHO is to ask the package maintainer to mark the variable you want to set in your local variables as safe. > If they can execute arbitrary emacs lisp code, > then it sounds very Microsoft-like. ``Let it be easy for > content providers and painful to secure.'' If emacs has really > become "that powerful" then there's nothing for it but to go > back to old versions or back to vi. I disliked vi in 1974, > despite "ed" being the only competition. You can disable the local variables stuff completely, if you think it is too insecure. > C.F. ``See "(info ...)" and "Ch-v v enable-local-variables'', I > am afraid that does not address this issue. Extracted from .emacs: > > (setq enable-local-variables 't) a) you do not need to quote t, it will quote itself b) t and :all is not the same c) you do not need to quote :all either :) You can add the variable and its value to safe-local-variable-values if you do not want to allow all variables. Michael -- #!/usr/bin/perl -I' # tekscribble.pl - start in an xterm and scribble with mouse $|=1;$g="\35";sub g{getc}sub p{print@_}system"stty -icanon";p"\233?38h";for(;;){ p"$g\33\32";$_=g;$x=g;$X=g;$y=g;$Y=g;last if/q/;$k=$y.chr((ord$Y)+64).$x.chr(( ord$X)+32);p"\33\14"if/c/;p$g.(/ì/?$l:$k).$k;$l=$k;}p"\33\3";system"stty icanon"