Eric M. Ludlam writes:
The issue is that if a user enables ede-mode, it will attempt to
automatically identify a project whenever you visit a file. The
unpatched version of EDE will then load whatever file is called
Project.ede in order to create the project file stored within.
I second Mike's "thank you".
It's possible to (relatively) safely do this by `read'ing sexps from
the file rather than `load'ing the file. Users can still specify
executable code by using function symbols or lambdas, but they (and
you) have much finer control over if and when to evaluate it.
I think in the long run you should probably deprecate Project.ede-
style configuration and move to a format that is an alist or plist
that is read rather than loaded.
If you do it the easy way and just iterate over an alist
automatically setq'ing the cars to the cdrs, you still have an attack
by specifying a lambda as the value for a hook variable or similar (eg,
`fill-paragraph-function' is reasonably certain to be called soon).
Although desktop.el `read's its configuration rather than `load's it,
this is why I suspect it's possible to execute code from an
.emacs.desktop file. The user need not know unless they have their
own fill-paragraph-function, as the lambda can be something like
  (lambda (&rest args)
    (setq fill-paragraph-function nil)
    (apply #'fill-paragraph args))
A variant would let-bind `fill-paragraph-function', allowing the Evil
Thing to be repeated frequently.
XEmacs-Beta mailing list
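As an added example in Emacs Lisp (not part of the original message and not EDE's own code), here is one way to do what the reply suggests: `read' the project file as sexps and validate each entry before anything is assigned, so a function-valued entry for a hook variable is rejected. The allowlisted key list, the function names and the sample file contents are assumptions.

```elisp
;; Added example, not code from the message or from EDE: `read' a
;; Project.ede-style alist file instead of `load'ing it, then accept only
;; allowlisted keys whose values are inert data, so a lambda smuggled into
;; a hook variable is rejected.  Key list, names and sample file are assumed.

(defconst ede-safe-project-keys '(name version include-path)
  "Keys a project file may set; hook variables are deliberately absent.")

(defun ede-safe-data-p (value)
  "Return non-nil if VALUE contains no code: only strings, numbers,
t, nil and lists of the same.  Lambda/closure forms and bare symbols
(which a hook would call as functions) are rejected."
  (cond ((or (stringp value) (numberp value) (null value) (eq value t)) t)
        ((consp value)
         (and (not (memq (car value) '(lambda closure function quote)))
              (ede-safe-data-p (car value))
              (ede-safe-data-p (cdr value))))
        (t nil)))

(defun ede-read-project-file (file)
  "Read each top-level sexp in FILE without evaluating it.
Return the (KEY . VALUE) entries that pass validation; rejected ones
are logged with `message' and never reach `set'."
  (let ((accepted nil))
    (with-temp-buffer
      (insert-file-contents file)
      (goto-char (point-min))
      (condition-case nil
          (while t
            (let ((form (read (current-buffer))))
              (if (and (consp form)
                       (memq (car form) ede-safe-project-keys)
                       (ede-safe-data-p (cdr form)))
                  (push form accepted)
                (message "Rejected project entry in %s: %S" file form))))
        (end-of-file nil)))
    (nreverse accepted)))

(defun ede-safe-demo ()
  "Write a constructed sample project file and read it back safely.
The last entry mimics the hook-variable lambda from the message."
  (let ((file (make-temp-file "Project-" nil ".ede")))
    (with-temp-file file
      (insert "(name . \"demo\")\n"
              "(include-path \"src\" \"include\")\n"
              "(fill-paragraph-function . (lambda (&rest args)\n"
              "  (setq fill-paragraph-function nil)\n"
              "  (apply #'fill-paragraph args)))\n"))
    (ede-read-project-file file)))
```

Evaluating `(ede-safe-demo)` returns only the `name' and `include-path' entries; the `fill-paragraph-function' entry is logged as rejected because it is neither allowlisted nor inert data.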