GNU bug report logs - #75017
31.0.50; Untrusted user lisp files

Package: emacs;

Reported by: john muhl <jm <at> pub.pink>

Date: Sat, 21 Dec 2024 20:50:02 UTC

Severity: normal

Found in version 31.0.50

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: acorallo <at> gnu.org, jm <at> pub.pink, monnier <at> iro.umontreal.ca, 75017 <at> debbugs.gnu.org
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Sun, 22 Dec 2024 20:41:31 +0200
> From: Stefan Kangas <stefankangas <at> gmail.com>
> Date: Sun, 22 Dec 2024 17:36:15 +0000
> Cc: jm <at> pub.pink, 75017 <at> debbugs.gnu.org, acorallo <at> gnu.org
> 
> Eli Zaretskii <eliz <at> gnu.org> writes:
> 
> >> From: Stefan Monnier <monnier <at> iro.umontreal.ca>
> >> Cc: john muhl <jm <at> pub.pink>,  75017 <at> debbugs.gnu.org,  Eli Zaretskii
> >>  <eliz <at> gnu.org>,  Andrea Corallo <acorallo <at> gnu.org>
> >> Date: Sat, 21 Dec 2024 22:16:05 -0500
> >>
> >> > Maybe we should install something like the below?
> >>
> >> Fine by me, but I think this should be added via a new
> >> `trusted-content-function(s)` and added buffer-locally only in
> >> elisp-mode buffers.
> >
> > Sorry, but this is a slippery slope.  For starters, no one said that
> > site-run-file is installed by a sysadmin -- that is only so on certain
> > systems.  For example, MS-Windows is generally not in that category.
> 
> It doesn't matter who can edit it.  `site-run-file` is already trusted,
> since it is loaded at run-time before `user-init-file`.

It is loaded if it is there.  On my system, there's no such file, and
I don't expect to have it.  So if such a file somehow materializes
there, I want to know, pronto.
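
The concern in the message above, as an added example that is not code from this thread or from Emacs: a startup check that reports any file on `load-path` that Emacs would pick up as `site-run-file`, together with its owner and mode. The `my/` function names are hypothetical; the check runs after startup, so it reports such a file but does not stop it from being loaded.

```emacs-lisp
;;; Added example; the `my/' names are hypothetical, not part of Emacs.

(defun my/site-run-file-candidates ()
  "Return a list of (FILE UID MODES) for each `site-run-file' on `load-path'.
Return nil when `site-run-file' is nil (site file loading is disabled)."
  (when (stringp site-run-file)
    (let (found)
      (dolist (dir load-path)
        ;; `get-load-suffixes' covers every suffix `load' would try for a
        ;; library name (compiled and source forms, and compressed
        ;; variants when `auto-compression-mode' is on).
        (dolist (suffix (get-load-suffixes))
          (let ((file (expand-file-name (concat site-run-file suffix) dir)))
            (when (file-exists-p file)
              (let ((attrs (file-attributes file 'integer)))
                (push (list file
                            (file-attribute-user-id attrs)
                            (file-attribute-modes attrs))
                      found))))))
      (nreverse found))))

(defun my/warn-about-site-run-file ()
  "Warn about every `site-run-file' candidate found on `load-path'.
This is detection only: by the time it runs, the file has been loaded."
  (dolist (entry (my/site-run-file-candidates))
    (display-warning
     'site-run-file
     (format "Found %s (owner uid %s, modes %s)"
             (nth 0 entry) (nth 1 entry) (nth 2 entry))
     :warning)))

;; Run once per session, after the init files have been processed.
(add-hook 'emacs-startup-hook #'my/warn-about-site-run-file)
```

On a system where no site file is expected, any warning from this hook is worth investigating; where one is expected, the owner uid and mode show who is able to change it.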




This bug report was last modified 171 days ago.
