|
From: | Glenn Morris |
Subject: | bug#53876: 27.2; "eval: (X-mode)" is always safe as file local variable |
Date: | Tue, 08 Feb 2022 20:08:14 -0500 |
User-agent: | Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
I suppose the assumption is that code already available in the user's environment is not intrinsically malicious (ie does not contain deliberately harmful mode definitions). Rather the file-local variables safety mechanisms are intended to protect against malicious code actually embedded in the file being visited; something like eval: (shell-command ...). It underlines again the need to be careful about what elisp libraries one installs (although the simple act of installing a package can already directly execute arbitrary code anyway).
[Prev in Thread] | Current Thread | [Next in Thread] |