[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Emacs Arbitrary Code Execution and How to Avoid It
|
From: |
Gerd Möllmann |
|
Subject: |
Re: Emacs Arbitrary Code Execution and How to Avoid It |
|
Date: |
Tue, 03 Dec 2024 20:20:04 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Christopher Howard <christopher@librehacker.com> writes:
> Hi, I read the interesting write up here:
>
> https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
>
> I wasn't terribly worried about this, as I don't *automatically*
> activate Flymake or Flycheck. But the article did mention that "code
> completion runs arbitrary code", and I was wondering more about that.
> I do not currently use Completion Preview mode. I have used Company in
> the past but company-mode is not currently activated. So, if I am just
> viewing an elisp file, i.e., not typing anything it in, nor running
> dabbrev commands, is there any danger? Should I setup Emacs to, by
> default, open all elisp files in View Mode?
>
> Regarding dabbrev, I know dabbrev can search all buffers but I don't know if
> it does any macro expansion.
>
> I was going to e-mail the author of the post, but cloudflare won't let me see
> his e-mail address.
There is an envelope icon in the top right (CC'd).
Re: Emacs Arbitrary Code Execution and How to Avoid It, Jean Louis, 2024/12/04