emacs-30 5485ea6aef9: Do not set `trusted-content` in major modes
From: Stefan Kangas
Subject: emacs-30 5485ea6aef9: Do not set `trusted-content` in major modes
Date: Thu, 30 Jan 2025 19:50:59 -0500 (EST)
branch: emacs-30
commit 5485ea6aef91c65a0ce300347db3c0ac138ad550
Author: Stefan Kangas <stefankangas@gmail.com>
Commit: Stefan Kangas <stefankangas@gmail.com>
Do not set `trusted-content` in major modes
* lisp/progmodes/elisp-mode.el (lisp-interaction-mode):
* lisp/ielm.el (inferior-emacs-lisp-mode): Do not set `trusted-content`.
* lisp/ielm.el (ielm):
* lisp/simple.el (get-scratch-buffer-create): Set `trusted-content` here
instead.
* lisp/files.el (trusted-content): Doc fix; warn against setting this
option to :all in a major or minor mode.
Problem reported by Max Nikulin <manikulin@gmail.com>.
---
etc/NEWS | 3 +++
lisp/files.el | 5 +++--
lisp/ielm.el | 4 ++--
lisp/progmodes/elisp-mode.el | 3 +--
lisp/simple.el | 4 +++-
5 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/etc/NEWS b/etc/NEWS
index fbfb9086430..da3a1d670e7 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -193,6 +193,9 @@ For example, Flymake's backend for Emacs Lisp consults this
option
and disables itself with an "untrusted content" warning if the file
is not listed.
+Emacs Lisp authors should note that a major or minor mode must never set
+this variable to the ':all' value.
+
This option is used to fix CVE-2024-53920. See below for details.
** Emacs now supports Unicode Standard version 15.1.
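Review bot: The added NEWS sentence states the prohibition ("a major or minor mode must never set this variable to the ':all' value") but not what a package author should do instead. Since this commit moves the setting into `ielm` and `get-scratch-buffer-create`, one more sentence saying that the value belongs in the command that creates the buffer, not in the mode body, would make the entry actionable.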
diff --git a/lisp/files.el b/lisp/files.el
index b64935e8d9e..380721f1fe2 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -724,11 +724,12 @@ enabled (for example, when it is added to a mode hook).
Each element of the list should be a string:
- If it ends in \"/\", it is considered as a directory name and means that
Emacs should trust all the files whose name has this directory as a prefix.
-- else it is considered as a file name.
+- Otherwise, it is considered a file name.
Use abbreviated file names. For example, an entry \"~/mycode/\" means
that Emacs will trust all the files in your directory \"mycode\".
This variable can also be set to `:all', in which case Emacs will trust
-all files, which opens a gaping security hole."
+all files, which opens a gaping security hole. Emacs Lisp authors
+should note that this value must never be set by a major or minor mode."
:type '(choice (repeat :tag "List" file)
(const :tag "Trust everything (DANGEROUS!)" :all))
:version "30.1")
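Review bot: The new docstring sentence "this value must never be set by a major or minor mode" gives the rule without the reason, and nothing in the defcustom enforces it. Consider adding a clause explaining that a mode can be enabled in a buffer whose content the user never chose to trust, so a `setq-local` in the mode body would extend trust to that content.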
diff --git a/lisp/ielm.el b/lisp/ielm.el
index 561185a738a..b3cd02b4dc0 100644
--- a/lisp/ielm.el
+++ b/lisp/ielm.el
@@ -580,7 +580,6 @@ Customized bindings may be defined in `ielm-map', which
currently contains:
ielm-fontify-input-enable
(comint-fontify-input-mode))
- (setq-local trusted-content :all)
(setq comint-prompt-regexp (concat "^" (regexp-quote ielm-prompt)))
(setq-local paragraph-separate "\\'")
(setq-local paragraph-start comint-prompt-regexp)
@@ -684,7 +683,8 @@ See `inferior-emacs-lisp-mode' for details."
(unless (comint-check-proc buf-name)
(with-current-buffer (get-buffer-create buf-name)
(unless (zerop (buffer-size)) (setq old-point (point)))
- (inferior-emacs-lisp-mode)))
+ (inferior-emacs-lisp-mode)
+ (setq-local trusted-content :all)))
(pop-to-buffer-same-window buf-name)
(when old-point (push-mark old-point))))
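Review bot: In `ielm`, the new `(setq-local trusted-content :all)` applies to whatever buffer `(get-buffer-create buf-name)` returns, and the `(unless (zerop (buffer-size)) ...)` line just above shows that this buffer may already contain text. A short comment stating why pre-existing content in that buffer is acceptable to trust would make the intent explicit, and it would also be worth noting in a comment that the assignment has to follow `(inferior-emacs-lisp-mode)` because enabling a major mode resets buffer-local variables.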
diff --git a/lisp/progmodes/elisp-mode.el b/lisp/progmodes/elisp-mode.el
index 59c33c09f0f..a573d9ef864 100644
--- a/lisp/progmodes/elisp-mode.el
+++ b/lisp/progmodes/elisp-mode.el
@@ -1337,8 +1337,7 @@ Semicolons start comments.
\\{lisp-interaction-mode-map}"
:abbrev-table nil
- (setq-local lexical-binding t)
- (setq-local trusted-content :all))
+ (setq-local lexical-binding t))
;;; Emacs Lisp Byte-Code mode
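Review bot: Removing `(setq-local trusted-content :all)` from the `lisp-interaction-mode` body changes behavior for every buffer that enters this mode by a route other than `get-scratch-buffer-create`, and neither the mode docstring nor the NEWS hunk mentions that. The NEWS context says Flymake's Emacs Lisp backend disables itself on untrusted content, so users who enable `lisp-interaction-mode` by hand in another buffer will see that warning; a sentence in the docstring or NEWS would save them the search.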
diff --git a/lisp/simple.el b/lisp/simple.el
index da4d20e4f78..152a8c451ac 100644
--- a/lisp/simple.el
+++ b/lisp/simple.el
@@ -11154,7 +11154,9 @@ too short to have a dst element.
(when initial-scratch-message
(insert (substitute-command-keys initial-scratch-message))
(set-buffer-modified-p nil))
- (funcall initial-major-mode))
+ (funcall initial-major-mode)
+ (when (eq initial-major-mode 'lisp-interaction-mode)
+ (setq-local trusted-content :all)))
scratch)))
(defun scratch-buffer ()
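Review bot: The check `(eq initial-major-mode 'lisp-interaction-mode)` in `get-scratch-buffer-create` matches only that exact symbol, so a user whose `initial-major-mode` is a mode derived from `lisp-interaction-mode` gets a scratch buffer without trust. If that is intended, a comment saying so would help; if not, testing `(derived-mode-p 'lisp-interaction-mode)` after the `funcall` would cover derived modes. A one-line comment explaining why trust is granted here and not in the mode would also keep the setting from drifting back into the mode body.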