GNU bug report logs - #21436
non-safe local variables ignored if so requested

Previous Next

Package: emacs;

Reported by: sds <at> gnu.org

Date: Tue, 8 Sep 2015 17:21:01 UTC

Severity: normal

Tags: notabug

Found in version 25.0.50

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 21436 <at> debbugs.gnu.org, Sam Steingold <sds <at> gnu.org>
Subject: bug#21436: 25.0.50; dir local variables are ignored
Date: Wed, 09 Sep 2015 13:43:44 -0400

>> why isn't python-shell-extra-pythonpaths safe?

Just think of ways you (as an attacker) could set this variable in
a file, then pass this file to a user (maybe a user on the same machine)
and see this user run the code you choose.


        Stefan

This bug report was last modified 9 years and 318 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #21436 non-safe local variables ignored if so requested

GNU bug report logs - #21436
non-safe local variables ignored if so requested