Re: Gentoo security alert 200902-06 (emacs)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
on 02/26/2009 04:05 PM Stephen J. Turnbull said the following:
...but there are so many ways to get code executed in Emacsen I
shiver to think there's anybody out there who would refuse to use an
Emacs without a patch for this bug, but would use an Emacs with a
patch for it.
The issue, I believe, is the silent (i.e. inadvertent) execution of
code, say "rm -rf $HOME &".
Before we go spending energy on alleged security bugs, we should
think
more carefully about what we want our security posture to be. I note
that the Python developers eventually gave up on "restricted mode",
etc.
Agreed. I don't recall any such discussion, but maybe there has been.
- --- Vladimir
- --
Vladimir G. Ivanovic
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmna+8ACgkQtoykdjDhdFtpOwCfSpEdPHnZ1wKC9vvOVEQBhijs
A1oAn0pRkrCoTtppUQISHXMdplzrOua3
=ediN
-----END PGP SIGNATURE-----
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta