GNU bug report logs -
#21436
non-safe local variables ignored if so requested
Previous Next
Reported by: sds <at> gnu.org
Date: Tue, 8 Sep 2015 17:21:01 UTC
Severity: normal
Tags: notabug
Found in version 25.0.50
Done: Glenn Morris <rgm <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 21436 in the body.
You can then email your comments to 21436 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#21436; Package
emacs.
(Tue, 08 Sep 2015 17:21:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
sds <at> gnu.org:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Tue, 08 Sep 2015 17:21:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
My .dir-locals.el is
--8<---------------cut here---------------start------------->8---
((python-mode . ((python-shell-extra-pythonpaths . ("../utils" "")))))
--8<---------------cut here---------------end--------------->8---
nevertheless the value of `python-shell-extra-pythonpaths' in the python
buffer is `nil' even after an explicit M-: (hack-dir-local-variables)
RET or killing the buffer and re-visiting the file.
enable-local-variables ==> :safe
enable-dir-local-variables ==> t
dir-local-variables-alist ==> ((python-shell-extra-pythonpaths "../utils" ""))
The doc seems to support this behavior:
--8<---------------cut here---------------start------------->8---
hack-dir-local-variables is a compiled Lisp function in ‘files.el’.
Read per-directory local variables for the current buffer.
Store the directory-local variables in ‘dir-local-variables-alist’
and ‘file-local-variables-alist’, without applying them.
--8<---------------cut here---------------end--------------->8---
however, ISTR that `hack-dir-local-variables' did install the local
vars.
so, what do I need to do to get the dir-local vars to take effect?
In GNU Emacs 25.0.50.3 (x86_64-apple-darwin14.5.0, NS appkit-1348.17 Version 10.10.5 (Build 14F27))
of 2015-09-08
Repository revision: 48857075c96c00bdbf8536e25234d33ed1b6e3b9
Windowing system distributor 'Apple', version 10.3.1348
Configured using:
'configure --with-ns'
Configured features:
JPEG IMAGEMAGICK ACL LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS
Important settings:
value of $LANG: C
locale-coding-system: utf-8-unix
Major mode: Python
Minor modes in effect:
diff-auto-refine-mode: t
anaconda-mode: t
rcirc-track-minor-mode: t
which-function-mode: t
url-handler-mode: t
show-paren-mode: t
desktop-save-mode: t
shell-dirtrack-mode: t
tooltip-mode: t
global-eldoc-mode: t
eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
column-number-mode: t
line-number-mode: t
abbrev-mode: t
Recent messages:
Load-path shadows:
None found.
Features:
(shadow sort bbdb-message mailalias cookie1 flyspell ispell mail-extr
gnus-msg gnus-art mm-uu mml2015 mm-view mml-smime smime dig mailcap
gnus-sum gnus-group gnus-undo gnus-start gnus-cloud nnimap nnmail
mail-source tls utf7 netrc nnoo parse-time gnus-spec gnus-int gnus-range
gnus-win emacsbug message rfc822 mml mml-sec mm-decode mm-bodies
mm-encode mail-parse rfc2231 gmm-utils mailheader sendmail rfc2047
rfc2045 ietf-drums time-stamp apropos dabbrev tramp-cache debug skeleton
misearch multi-isearch vc-bzr vc-src vc-sccs vc-svn vc-cvs vc-rcs vc-dir
ewoc vc remember vc-dispatcher image-mode dired-aux dired vc-hg vc-git
diff-mode easy-mmode anaconda-mode f s ucs-normalize dash json-rpc
python-x folding-isearch folding python tramp-sh tramp tramp-compat
tramp-loaddefs trampver json finder-inf package epg-config warnings
midnight gnus gnus-ems nnheader mail-utils wid-edit bbdb-mua bbdb-com
crm mailabbrev bbdb-loaddefs bbdb bbdb-site timezone rcirc server
which-func imenu url-handlers url-parse auth-source cl-seq eieio
eieio-core cl-macs gnus-util mm-util help-fns mail-prsvr password-cache
url-vars paren help-at-pt desktop frameset cus-start cus-load ido seq
byte-opt bytecomp byte-compile cconv cl-extra help-mode ess-toolbar
ess-mouse mouseme thingatpt browse-url ess-menu ess-swv ess-noweb
ess-noweb-font-lock-mode ess-bugs-l essd-els ess-sas-d ess-sas-l
ess-sas-a shell pcomplete ess-sta-d ess-sta-l cc-vars cc-defs
make-regexp ess-sp6-d ess-sp3-d ess-julia ess-r-d ess-r-completion
compile ess-tracebug format-spec ess-roxy advice hideshow ess-help
ess-developer ess-s-l ess ess-inf comint ansi-color ring ess-mode
ess-noweb-mode ess-utils ess-custom executable easymenu ess-compat
ess-site cl gv cl-loaddefs pcase cl-lib time-date mule-util tooltip
eldoc electric uniquify ediff-hook vc-hooks lisp-float-type mwheel
ns-win term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list newcomment elisp-mode lisp-mode prog-mode register page
menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock
syntax facemenu font-core frame cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese charscript case-table epa-hook jka-cmpr-hook help
simple abbrev minibuffer cl-preloaded nadvice loaddefs button faces
cus-face macroexp files text-properties overlay sha1 md5 base64 format
env code-pages mule custom widget hashtable-print-readable backquote
cocoa ns multi-tty make-network-process emacs)
Memory information:
((conses 16 523930 33265)
(symbols 48 66127 0)
(miscs 40 6106 69)
(strings 32 183271 16989)
(string-bytes 1 4406061)
(vectors 16 71432)
(vector-slots 8 1033994 2707)
(floats 8 486 794)
(intervals 56 3014 0)
(buffers 976 32))
--
Sam Steingold (http://sds.podval.org/) on darwin Ns 10.3.1348
http://www.childpsy.net/ http://think-israel.org http://camera.org
http://mideasttruth.com http://ffii.org http://memri.org http://truepeace.org
Never argue with an idiot: he has more experience with idiotic
arguments.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#21436; Package
emacs.
(Tue, 08 Sep 2015 22:08:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 21436 <at> debbugs.gnu.org (full text, mbox):
Sam Steingold wrote:
> My .dir-locals.el is
>
> --8<---------------cut here---------------start------------->8---
> ((python-mode . ((python-shell-extra-pythonpaths . ("../utils" "")))))
> --8<---------------cut here---------------end--------------->8---
Works for me with emacs -Q.
> enable-local-variables ==> :safe
[non-standard setting]
And if you test it in emacs -Q, you'll see why it does not work for you.
Changed bug title to 'non-safe local variables ignored if so requested' from '25.0.50; dir local variables are ignored'
Request was from
Glenn Morris <rgm <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Tue, 08 Sep 2015 22:10:02 GMT)
Full text and
rfc822 format available.
Added tag(s) notabug.
Request was from
Glenn Morris <rgm <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Tue, 08 Sep 2015 22:10:02 GMT)
Full text and
rfc822 format available.
bug closed, send any further explanations to
21436 <at> debbugs.gnu.org and sds <at> gnu.org
Request was from
Glenn Morris <rgm <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Tue, 08 Sep 2015 22:10:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#21436; Package
emacs.
(Tue, 08 Sep 2015 23:05:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 21436 <at> debbugs.gnu.org (full text, mbox):
thanks for your help!
why isn't python-shell-extra-pythonpaths safe?
where is it marked unsafe?
how do I mark it safe?
this is a recent change, why was it made?
On Tue, Sep 8, 2015 at 6:07 PM, Glenn Morris <rgm <at> gnu.org> wrote:
> Sam Steingold wrote:
>
>> My .dir-locals.el is
>>
>> --8<---------------cut here---------------start------------->8---
>> ((python-mode . ((python-shell-extra-pythonpaths . ("../utils" "")))))
>> --8<---------------cut here---------------end--------------->8---
>
> Works for me with emacs -Q.
>
>> enable-local-variables ==> :safe
>
> [non-standard setting]
>
> And if you test it in emacs -Q, you'll see why it does not work for you.
--
Sam Steingold <http://sds.podval.org> <http://www.childpsy.net/>
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#21436; Package
emacs.
(Wed, 09 Sep 2015 17:04:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 21436 <at> debbugs.gnu.org (full text, mbox):
Sam Steingold wrote:
> why isn't python-shell-extra-pythonpaths safe?
> where is it marked unsafe?
> how do I mark it safe?
> this is a recent change, why was it made?
It may help to check the manuals and the git log.
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#21436; Package
emacs.
(Wed, 09 Sep 2015 17:44:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 21436 <at> debbugs.gnu.org (full text, mbox):
>> why isn't python-shell-extra-pythonpaths safe?
Just think of ways you (as an attacker) could set this variable in
a file, then pass this file to a user (maybe a user on the same machine)
and see this user run the code you choose.
Stefan
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 08 Oct 2015 11:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 9 years and 316 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.