GNU bug report logs - #68570
29.1; recompile might not re-use project-compile's buffer

Previous Next

Full log

Message #11 received at 68570 <at> debbugs.gnu.org (full text, mbox):

From: Dmitry Gutov <dmitry <at> gutov.dev>
To: Pengji Zhang <kunhtkun <at> gmail.com>, 68570 <at> debbugs.gnu.org
Subject: Re: bug#68570: 29.1; recompile might not re-use project-compile's
 buffer
Date: Sat, 20 Jan 2024 16:27:58 +0200

On 19/01/2024 22:19, Pengji Zhang wrote:
> I think you meant running `M-x recompile' not in a compilation buffer?
> While I agree that is convenient, I suppose it is better to only use
> `recompile' in a compilation buffer due to security reasons.
> 
> `compile-command' is marked as a safe local variable assuming that the
> user would be prompted to check and confirm the command before running
> it. That is the behavior of `compile' but not `recompile'. For
> example, create a file '/tmp/test.c' with the following contents:
> 
>      /* Local Variables: */
>      /* compile-command: "echo 1" */
>      /* End: */
> 
> Then:
>    - emacs -Q --eval "(require 'compile)"
>    - C-x C-f /tmp/test.c
>    - M-x recompile
> 
> So we could run arbitrary commands without any warning or confirmation.

It seems like you found a security issue in 'M-x recompile'. It's 
orthogonal to this feature request, though.

> Instead of a `project-recompile' command, it might be better to make
> `recompile' find the existing compilation buffer for the current
> buffer, and refuse to run the command (or ask for confirmation) if
> there is no such buffer.

This sounds like a good plan for fixing the above issue.

But the step "find the existing compilation buffer for the current 
buffer" requires compilation-buffer-name-function to be set to an 
appropriate value. And project-compile only binds it temporarily.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.