[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Emacs Arbitrary Code Execution and How to Avoid It
|
From: |
Christopher Howard |
|
Subject: |
Emacs Arbitrary Code Execution and How to Avoid It |
|
Date: |
Tue, 03 Dec 2024 08:53:57 -0900 |
Hi, I read the interesting write up here:
https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
I wasn't terribly worried about this, as I don't *automatically* activate
Flymake or Flycheck. But the article did mention that "code completion runs
arbitrary code", and I was wondering more about that. I do not currently use
Completion Preview mode. I have used Company in the past but company-mode is
not currently activated. So, if I am just viewing an elisp file, i.e., not
typing anything it in, nor running dabbrev commands, is there any danger?
Should I setup Emacs to, by default, open all elisp files in View Mode?
Regarding dabbrev, I know dabbrev can search all buffers but I don't know if it
does any macro expansion.
I was going to e-mail the author of the post, but cloudflare won't let me see
his e-mail address.
--
馃摏 Christopher Howard
馃殌 gemini://gem.librehacker.com
馃寪 http://gem.librehacker.com
讘专讗砖讬转 讘专讗 讗诇讛讬诐 讗转 讛砖诪讬诐 讜讗转 讛讗专抓
- Emacs Arbitrary Code Execution and How to Avoid It,
Christopher Howard <=
Re: Emacs Arbitrary Code Execution and How to Avoid It, Jean Louis, 2024/12/04