GNU bug report logs -
#75017
31.0.50; Untrusted user lisp files
Previous Next
Full log
View this message in rfc822 format
john muhl <jm <at> pub.pink> writes:
> user-init-file is trusted by default but not other user files.
>
> C-xf ~/.emacs.d/early-init.el
> M-x flymake-mode
>
> Produces a warning:
>
> Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)
>
> custom-file (when not the same as user-init-file) also causes a
> warning. Should these also be trusted by default?
>
> What about files put in place by a system admin or your distro’s
> Emacs package (e.g. site-run-file, default.el)? They generally
> require root priviledges to install so if they can’t be trusted
> you’re already in trouble.
Makes sense to me.
Maybe we should install something like the below?
diff --git a/lisp/files.el b/lisp/files.el
index c92fc0608dd..293f3c59c0d 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -748,10 +748,16 @@ trusted-content-p
(with-demoted-errors "trusted-content-p: %S"
(let ((exists (file-exists-p buffer-file-truename)))
(or
- ;; We can't avoid trusting the user's init file.
- (if (and exists user-init-file)
- (file-equal-p buffer-file-truename user-init-file)
- (equal buffer-file-truename user-init-file))
+ ;; We can't avoid trusting the user's init file, etc.
+ (memq t
+ (mapcar
+ (lambda (file)
+ (if (and exists file)
+ (file-equal-p buffer-file-truename file)
+ (equal buffer-file-truename file)))
+ (list user-init-file
+ early-init-file
+ site-run-file)))
(let ((file (abbreviate-file-name buffer-file-truename))
(trusted nil))
(dolist (tf trusted-content)
This bug report was last modified 171 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.