From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 02 17:37:32 2011 Received: (at submit) by debbugs.gnu.org; 2 Mar 2011 22:37:32 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Puufk-0005aL-9h for submit@debbugs.gnu.org; Wed, 02 Mar 2011 17:37:32 -0500 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Puufi-0005a9-C8 for submit@debbugs.gnu.org; Wed, 02 Mar 2011 17:37:30 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Puufc-0005Qd-Eb for submit@debbugs.gnu.org; Wed, 02 Mar 2011 17:37:25 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([199.232.76.165]:59572) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Puufc-0005QZ-CP for submit@debbugs.gnu.org; Wed, 02 Mar 2011 17:37:24 -0500 Received: from [140.186.70.92] (port=37286 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Puufb-0002Mr-88 for bug-gnu-emacs@gnu.org; Wed, 02 Mar 2011 17:37:24 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Puufa-0005Pc-1e for bug-gnu-emacs@gnu.org; Wed, 02 Mar 2011 17:37:23 -0500 Received: from mail-wy0-f169.google.com ([74.125.82.169]:60832) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1PuufZ-0005PK-T7 for bug-gnu-emacs@gnu.org; Wed, 02 Mar 2011 17:37:22 -0500 Received: by wyi11 with SMTP id 11so582851wyi.0 for ; Wed, 02 Mar 2011 14:37:20 -0800 (PST) MIME-Version: 1.0 Received: by 10.216.156.149 with SMTP id m21mr1213015wek.22.1299105439995; Wed, 02 Mar 2011 14:37:19 -0800 (PST) Received: by 10.216.26.4 with HTTP; Wed, 2 Mar 2011 14:37:19 -0800 (PST) Date: Wed, 2 Mar 2011 17:37:19 -0500 X-Google-Sender-Auth: lCfGXcgP-JM8mQm6vAAotcLWaQU Message-ID: Subject: `hack-local-variables-confirm' <-- a confirmed hack! From: MON KEY To: bug-gnu-emacs@gnu.org Content-Type: text/plain; charset=UTF-8 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 199.232.76.165 X-Spam-Score: -5.2 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -5.2 (-----) `hack-local-variables-confirm' should prompt for an alternative location to save the safe local variables it "hacks". As it is now, inadvertently selecting/typing "!" gives `customize-save-variable' opportunity to trash my otherwise _empty_ custom file. I don't wish to store large lists of safe-local-variables in either my `custom-file' or `user-init-file' and have chosen instead to store these elsewhere esp. where these pertain Common Lisp related prop-line variables. There are myriad Common Lisp related variables (current and legacy) which appear in the prop-line e.g. "Package: FOO;" The safety of a package name (and Emacs poorly informed consideration thereof) is simply _NONE_ of Emacs' business! Moreover, `hack-local-variables-confirm' completely steals focus and hides my cursor with disgusting abuse around these forms: (set (make-local-variable 'cursor-type) nil) (let ((cursor-in-echo-area t) (executing-kbd-macro executing-kbd-macro) {...} (condition-case nil (scroll-up) (error (goto-char (point-min)))) Worst of all is that if I "C-g' inside `hack-local-variables-confirm' it doesn't even bother to clean up after itself with an `unwind-protect' and instead leaves behind the "*Local Variables*" buffer created with (get-buffer-create "*Local Variables*"). Presumably this is not an intended feature and is an oversight of `hack-local-variables-confirm' because were I to switch into the lingering "*Local Variables*" buffer to inspect the offending variables I'm not even left with a visible cursor in the buffer!!! -- /s_P\ From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 05 17:02:29 2011 Received: (at 8160) by debbugs.gnu.org; 5 Mar 2011 22:02:30 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1PvzYT-00089Q-Hz for submit@debbugs.gnu.org; Sat, 05 Mar 2011 17:02:29 -0500 Received: from vm-emlprdomr-04.its.yale.edu ([130.132.50.145]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1PvzYG-00087J-2k for 8160@debbugs.gnu.org; Sat, 05 Mar 2011 17:02:19 -0500 Received: from furball (c-71-192-165-84.hsd1.ct.comcast.net [71.192.165.84]) (authenticated bits=0) by vm-emlprdomr-04.its.yale.edu (8.14.4/8.14.4) with ESMTP id p25M2AVD016364 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sat, 5 Mar 2011 17:02:10 -0500 Received: by furball (Postfix, from userid 1000) id C00241606BC; Sat, 5 Mar 2011 14:46:14 -0500 (EST) From: Chong Yidong To: MON KEY Subject: Re: bug#8160: `hack-local-variables-confirm' <-- a confirmed hack! References: Date: Sat, 05 Mar 2011 14:46:14 -0500 In-Reply-To: (MON KEY's message of "Wed, 2 Mar 2011 17:37:19 -0500") Message-ID: <87d3m5gxkp.fsf@stupidchicken.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.71 on 130.132.50.145 X-Spam-Score: -2.7 (--) X-Debbugs-Envelope-To: 8160 Cc: 8160@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.6 (--) MON KEY writes: > The safety of a package name (and Emacs poorly informed consideration > thereof) is simply _NONE_ of Emacs' business! If so, (setq enable-local-variables :all) will do the job for you (and possibly lead to security problems, but it's your call). > Worst of all is that if I "C-g' inside `hack-local-variables-confirm' > it doesn't even bother to clean up after itself with an > `unwind-protect' and instead leaves behind the "*Local Variables*" > buffer created with (get-buffer-create "*Local Variables*"). This is so that you can go back and look at what the problematic variables were. From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 06 03:12:13 2011 Received: (at 8160) by debbugs.gnu.org; 6 Mar 2011 08:12:13 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pw94W-0007jH-UK for submit@debbugs.gnu.org; Sun, 06 Mar 2011 03:12:13 -0500 Received: from mail-wy0-f172.google.com ([74.125.82.172]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Pw94V-0007j6-H5 for 8160@debbugs.gnu.org; Sun, 06 Mar 2011 03:12:12 -0500 Received: by wyb42 with SMTP id 42so3178680wyb.3 for <8160@debbugs.gnu.org>; Sun, 06 Mar 2011 00:12:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.216.166.67 with SMTP id f45mr1102949wel.112.1299399125576; Sun, 06 Mar 2011 00:12:05 -0800 (PST) Received: by 10.216.22.135 with HTTP; Sun, 6 Mar 2011 00:12:05 -0800 (PST) In-Reply-To: <87d3m5gxkp.fsf@stupidchicken.com> References: <87d3m5gxkp.fsf@stupidchicken.com> Date: Sun, 6 Mar 2011 03:12:05 -0500 X-Google-Sender-Auth: vQQ3iC3iRV91GT69406f3Xqc-z8 Message-ID: Subject: Re: bug#8160: `hack-local-variables-confirm' <-- a confirmed hack! From: MON KEY To: Chong Yidong Content-Type: text/plain; charset=UTF-8 X-Spam-Score: -3.7 (---) X-Debbugs-Envelope-To: 8160 Cc: 8160@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -3.7 (---) On Sat, Mar 5, 2011 at 2:46 PM, Chong Yidong wrote: > > If so, (setq enable-local-variables :all) will do the job for you (and > possibly lead to security problems, but it's your call). > What specifically wrt: "[Pp]ackage: FOO;" are the potential security problem(s)? >> Worst of all is that if I "C-g' inside `hack-local-variables-confirm' >> it doesn't even bother to clean up after itself with an >> `unwind-protect' and instead leaves behind the "*Local Variables*" >> buffer created with (get-buffer-create "*Local Variables*"). > > This is so that you can go back and look at what the problematic > variables were. > Yes (as acknowledged of the original bug report): ,---- | Presumably this is not an intended feature and is an oversight of | `hack-local-variables-confirm' because were I to switch into the | lingering "*Local Variables*" buffer to inspect the offending | variables I'm not even left with a visible cursor in the buffer!!! `---- It is understood that this may have been the +intention+ and it falls short by lacking the follow through to unwind-protect from this: (set (make-local-variable 'cursor-type) nil) There is a certain irony here, in order to protect the user form herself implementation of this "security" feature requires Emacs completely stealing focus _and_ all user access to the application top-level by way of a *local-variable*... one which may itself be left in an "unsafe" state. -- /s_P\ From debbugs-submit-bounces@debbugs.gnu.org Thu Jul 14 14:52:05 2011 Received: (at control) by debbugs.gnu.org; 14 Jul 2011 18:52:06 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QhR13-0003aX-Mh for submit@debbugs.gnu.org; Thu, 14 Jul 2011 14:52:05 -0400 Received: from hermes.netfonds.no ([80.91.224.195]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QhR12-0003a4-B4 for control@debbugs.gnu.org; Thu, 14 Jul 2011 14:52:04 -0400 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=quimbies.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1QhR0r-0006pQ-F4 for control@debbugs.gnu.org; Thu, 14 Jul 2011 20:51:53 +0200 Date: Thu, 14 Jul 2011 20:51:52 +0200 Message-Id: To: control@debbugs.gnu.org From: Lars Magne Ingebrigtsen Subject: control message for bug #8160 X-MailScanner-ID: 1QhR0r-0006pQ-F4 X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1311274313.70638@iUWfjVPSc7zZ3Pfabe+XBQ X-Spam-Status: No X-Spam-Score: -2.7 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.7 (--) tags 8160 notabug close 8160 From debbugs-submit-bounces@debbugs.gnu.org Thu Jul 14 15:04:50 2011 Received: (at 8160) by debbugs.gnu.org; 14 Jul 2011 19:04:50 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QhRDI-0004lW-Ba for submit@debbugs.gnu.org; Thu, 14 Jul 2011 15:04:50 -0400 Received: from hermes.netfonds.no ([80.91.224.195]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QhRDC-0004l4-KL for 8160@debbugs.gnu.org; Thu, 14 Jul 2011 15:04:42 -0400 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=quimbies.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1QhRCz-00074r-Bc; Thu, 14 Jul 2011 21:04:25 +0200 From: Lars Magne Ingebrigtsen To: MON KEY Subject: Re: `hack-local-variables-confirm' <-- a confirmed hack! In-Reply-To: (MON KEY's message of "Wed, 2 Mar 2011 17:37:19 -0500") Date: Thu, 14 Jul 2011 20:51:49 +0200 Message-ID: References: User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) X-Now-Playing: Joni Mitchell's _Don Juan's Reckless Daughter_: "Paprika Plains" X-Hashcash: 1:23:110714:monkey@sandpframing.com::zxXuuvW5wY5ALgYg:0000000000000000000000000000000000000086Ji X-Hashcash: 1:23:110714:8160@debbugs.gnu.org::9eKKhGhO/OZ3zA9o:00000000000000000000000000000000000000000JqaN MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1QhRCz-00074r-Bc X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1311275065.50497@47+5PqIa/9OxL5pKjERdFQ X-Spam-Status: No X-Spam-Score: -2.7 (--) X-Debbugs-Envelope-To: 8160 Cc: 8160@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.7 (--) MON KEY writes: > `hack-local-variables-confirm' should prompt for an alternative > location to save the safe local variables it "hacks". > > As it is now, inadvertently selecting/typing "!" gives > `customize-save-variable' opportunity to trash my otherwise _empty_ > custom file. `customize-save-variable' is how Emacs saves user choices these days, so I don't think this is a bug. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog http://lars.ingebrigtsen.no/ From unknown Mon Jun 23 00:36:18 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 12 Aug 2011 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator