[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-2017-14482 - Red Hat Customer Portal
From: |
Eli Zaretskii |
Subject: |
Re: CVE-2017-14482 - Red Hat Customer Portal |
Date: |
Fri, 29 Sep 2017 11:17:49 +0300 |
> From: Robert Thorpe <rt@robertthorpeconsulting.com>
> Cc: eliz@gnu.org, help-gnu-emacs@gnu.org
> Date: Sun, 24 Sep 2017 19:29:17 +0100
>
> >> A file whose source you don't trust or are unfamiliar with should
> >> initially be examined with find-file-literally, if your security is
> >> indeed important for you. That emulates what most other text editors
> >> do when you open a file.
> >>
> >>
> > That's an unrealistic requirement; nobody will ever do this. Emacs must
> > make sure to never run untrusted code when visiting a file, unless the user
> > explicitly asked for (via the enable-local-eval variable).
>
> I think it would be very useful if Emacs had a concept of trusted-zones.
>
> So, a person could declare their main local partition to be trusted. Or
> they could declare it to be trusted except for the browser cache (for
> example).
I think we currently lack the infrastructure to support such
functionality in Emacs. IMO we should welcome work on such
infrastructure, if someone wants to step forward and lead the
development in that direction.
- Re: CVE-2017-14482 - Red Hat Customer Portal, (continued)
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal, Charles A. Roelli, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Óscar Fuentes, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Glenn Morris, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Yuri Khan, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/23
- Re: CVE-2017-14482 - Red Hat Customer Portal, Philipp Stephani, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal, Robert Thorpe, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal,
Eli Zaretskii <=
- Re: CVE-2017-14482 - Red Hat Customer Portal, Stefan Monnier, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/29
- Re: CVE-2017-14482 - Red Hat Customer Portal, Eli Zaretskii, 2017/09/29
- Message not available
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/24
- Re: CVE-2017-14482 - Red Hat Customer Portal, Glenn Morris, 2017/09/25
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/25
- RE: CVE-2017-14482 - Red Hat Customer Portal, Ludwig, Mark, 2017/09/25
- Re: CVE-2017-14482 - Red Hat Customer Portal, Emanuel Berg, 2017/09/26
- RE: CVE-2017-14482 - Red Hat Customer Portal, Ludwig, Mark, 2017/09/26
- Re: CVE-2017-14482 - Red Hat Customer Portal, Philipp Stephani, 2017/09/26