GNU bug report logs - #48452
28.0.50; flymake for elisp does not respect `load-path`

Package: emacs;

Reported by: Max Brieiev <max.brieiev <at> gmail.com>

Date: Sat, 15 May 2021 20:47:02 UTC

Severity: normal

Found in version 28.0.50

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: João Távora <joaotavora <at> gmail.com>
Cc: Max Brieiev <max.brieiev <at> gmail.com>, 48452 <at> debbugs.gnu.org
Subject: bug#48452: 28.0.50; flymake for elisp does not respect `load-path`
Date: Sat, 23 Jul 2022 07:50:54 +0200

João Távora <joaotavora <at> gmail.com> writes:

> If you don't elaborate, we have no way of understanding whether this
> is a genuine expansion of the "disaster vector" that is already
> intrinsic to this particular Flymake backend.

I think I already mentioned the problem of editing files in /tmp/?
That's the whole point of not having ./ in load-path -- you can
inadvertently load code under control of an attacker.

It seems to me that there's two useful values for load-path in the
Flymake backend: Either just the standard load-path (so that you
actually get the same results as when doing a batch byte-compile) or the
current running load-path (so that you get the same results as when you
`require' the file from your .emacs, say).  Altering the load-path to
also include the ELPA directories doesn't really help much, because
people have all kinds of code that's not in ELPA (but is in their
load-path).

This bug report was last modified 2 years and 298 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #48452 28.0.50; flymake for elisp does not respect `load-path`

GNU bug report logs - #48452
28.0.50; flymake for elisp does not respect `load-path`