Re: Emacs security issues; XEmacs affected?
Mike Kupfer writes:
If a user can protect themselves against this by having a suitably
cautious configuration (e.g., having enable-local-eval set to something
other than t), then I'm not concerned.
Indeed. I think the idea of :safe is pretty stupid, just asking for
trouble. I imagine most common needs for executable code in local
variables can be handled by modes, and the rest can be handled by
modes plus a variable set in the local variables section.
On the other hand, if the only way to avoid this problem is to not
use EDE, then I think we should fix EDE.
The thing is that there are scads of ways that random evil can invade
your Emacs. ftp://random.evil.com/lisp-pkg.tar.el, .emacs.desktop,
~user/.emacs, C-c C-c in many modes, and I'm sure there are others.
Heck, AFAIK nobody has ever done a serious review of the code in EDE
itself.
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://lists.xemacs.org/mailman/listinfo/xemacs-beta