GNU bug report logs - #3230
dired-actual-switches is risky

Previous Next

Package: emacs;

Reported by: Leo <sdl.web <at> gmail.com>

Date: Wed, 6 May 2009 14:25:06 UTC

Severity: normal

Fixed in version 24.1

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 3230 <at> debbugs.gnu.org (full text, mbox):

From: Leo <sdl.web <at> gmail.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 3230 <at> debbugs.gnu.org, Glenn Morris <rgm <at> gnu.org>
Subject: Re: bug#3230: 23.0.93; Make dired-actual-switches safe local variable?
Date: Fri, 25 Feb 2011 22:38:21 +0800

On 2011-02-24 22:57 +0800, Stefan Monnier wrote:
> Hmm, what about "-l;reboot" ?

Thanks.

> BTW, writing a predicate is the right thing to so, and the predicate
> should then go to safe-local-variable.  I'd recommend something simple
> like
>
>   (defun dired-safe-switches-p (switches)
>     (string-match "\\`[- [[:alnum:]]]+\\'" switches))

A typo: should be [:alnum:].

> Hopefully that one is safe (tho maybe we should check string-length to
> avoid attacks playing on overflow).  And if it proves too restrictive,
> we can make it a bit more permissive once we encounter a particular
> example that warrants it.
>
>         Stefan

I think I like this. Glenn, would you agree to this?

If this is accepted, I have one use case that can be easily done:

I have one directory where I file regularly. I like that directory to be
sorted by time instead of by name in dired. This change will allow me to
set dired-actual-switches to achieve that.

Leo
This bug report was last modified 14 years and 82 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.