Eric M. Ludlam writes:

> The issue is that if a user enables ede-mode, it will attempt to
> automatically identify a project whenever you visit a file. The
> unpatched version of EDE will then load whatever file is called
> Project.ede in order to create the project file stored within.

I second Mike's "thank you".

It's possible to (relatively) safely do this by `read'ing sexps from
the file rather than `load'ing the file.[1] Users can still specify
executable code by using function symbols or lambdas, but they (and
you) have much finer control over if and when to evaluate it.

I think in the long run you should probably deprecate Project.ede-
style configuration and move to a format that is an alist or plist
that is read rather than loaded.

Footnotes:
[1] If you do it the easy way and just iterate over an alist
automatically setq'ing the cars to the cdrs, you still have an attack
by specifying a lambda as value for a hook variable or similar (e.g.,
`fill-paragraph-function' is reasonably certain to be called soon).

Although desktop.el `read's its configuration rather than `load's it,
this is why I suspect it's possible to execute code from an
.emacs.desktop file. The user need not know unless they have their
own fill-paragraph-function, as the lambda can be something like

    (lambda (&rest args)
      (do-your-evil-thing)
      (setq fill-paragraph-function nil)
      (apply #'fill-paragraph args))

A variant would let-bind `fill-paragraph-function', allowing the Evil
Thing to be repeated frequently.
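
One way to apply the advice in the message above, as an added example that is not part of the original email and is not EDE's or desktop.el's code: read the file as data, accept only allowlisted keys whose values pass a type predicate, and keep the result in a private alist instead of setq'ing variables. All `my-project-*` names and the key set are hypothetical.

```elisp
;; Added example; every my-project-* name and key is hypothetical.

(defun my-project-string-list-p (value)
  "Return non-nil if VALUE is a proper list containing only strings."
  (while (and (consp value) (stringp (car value)))
    (setq value (cdr value)))
  (null value))

(defconst my-project-allowed-keys
  '((name . stringp)
    (version . stringp)
    (targets . my-project-string-list-p))
  "Allowlist: each accepted key and the predicate its value must satisfy.")

(defun my-project-validate (form)
  "Return a fresh alist of the allowlisted, type-checked entries of FORM.
Signal an error on an unknown key or a value that fails its predicate.
Values are never evaluated and never assigned to variables."
  (unless (listp form)
    (error "Project data is not a list"))
  (let (result)
    (dolist (entry form (nreverse result))
      (let ((check (and (consp entry) (symbolp (car entry))
                        (cdr (assq (car entry) my-project-allowed-keys)))))
        (unless check
          (error "Rejected key: %S" (car-safe entry)))
        (unless (funcall check (cdr entry))
          (error "Rejected value for key: %S" (car entry)))
        (push (cons (car entry) (cdr entry)) result)))))

(defun my-project-read-file (file)
  "Read the first form in FILE as data and validate it.  Nothing is loaded."
  (with-temp-buffer
    (insert-file-contents file)
    (goto-char (point-min))
    (my-project-validate (read (current-buffer)))))

;; Constructed input 1: plain data only, accepted.
(my-project-validate
 (read "((name . \"demo\") (targets \"all\" \"doc\"))"))

;; Constructed input 2: mimics the hook-variable trick from the footnote.
;; The key is not on the allowlist, so validation signals an error
;; before anything could install the lambda.
(condition-case err
    (my-project-validate
     (read "((name . \"demo\")
             (fill-paragraph-function . (lambda (&rest args) nil)))"))
  (error (message "Refused project data: %s" (error-message-string err))))
```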