GNU bug report logs - #41619
[PATCH] Mark python-shell-virtualenv-root as safe local variable

Previous Next

Package: emacs;

Reported by: "Philip K." <philip.kaludercic <at> fau.de>

Date: Sat, 30 May 2020 20:32:02 UTC

Severity: normal

Tags: patch

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #28 received at 41619 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Philip K." <philip <at> warpmail.net>
Cc: 41619 <at> debbugs.gnu.org, rgm <at> gnu.org
Subject: Re: bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe
 local variable
Date: Tue, 16 Jun 2020 20:54:06 +0300

> From: "Philip K." <philip <at> warpmail.net>
> Cc: rgm <at> gnu.org, 41619 <at> debbugs.gnu.org
> Date: Tue, 16 Jun 2020 19:32:52 +0200
> 
> > So all we need is to remove the :safe attribute from the variable?  Or
> > something else?
> 
> That would make it harder for projects to hide malicious values of
> python-shell-virtualenv-root, but it's still an attack vector in
> principle.

Then I don't think I understand how you suggest to fix this.

This bug report was last modified 5 years and 68 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #41619 [PATCH] Mark python-shell-virtualenv-root as safe local variable

GNU bug report logs - #41619
[PATCH] Mark python-shell-virtualenv-root as safe local variable