Re: One vs many directories

emacs-orgmode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: One vs many directories

From:	Tim Cross
Subject:	Re: One vs many directories
Date:	Wed, 25 Nov 2020 07:39:20 +1100
User-agent:	mu4e 1.5.7; emacs 27.1.50

Tom Gillespie <tgbugs@gmail.com> writes:

>> > That is security issue.
>>
>> Why is it a security issue? The variables do need to be close to the end
>> — 3000 characters is only about 50 lines.
>
> It isn't a security issue by itself. Emacs never automatically runs
> eval file local variables unless you have tampered with
> enable-local-eval, in which case the tamperin is the security issue
> not the existence of the local variables list.
>
> Thus it is only a security issue if you permanently accept that eval
> file local variable and then open random org files that use it with a
> malicious startup block. An eval file local variable like that which
> blindly executes an org babel block should never be permanently
> accepted
>

Quite right Tom.

If people are really concerned about security, they should look first at
their use of repositories like MELPA. There is no formal review or
analysis of packages in these repositories, yet people will happily
select some package and install it.


--
Tim Cross

[Prev in Thread]

Current Thread

[Next in Thread]

Re: One vs many directories, (continued)

Prev by Date: Re: One vs many directories
Next by Date: Re: Differentiate source blocks in export?
Previous by thread: Re: One vs many directories
Next by thread: Re: One vs many directories
Index(es):
- Date
- Thread