guile-devel

Re: [PATCH] Do not scan for coding declarations in open-file


From: Ludovic Courtès
Subject: Re: [PATCH] Do not scan for coding declarations in open-file
Date: Thu, 31 Jan 2013 22:51:58 +0100
User-agent: Gnus/5.130005 (Ma Gnus v0.5) Emacs/24.2 (gnu/linux)

Mark H Weaver <address@hidden> wrote:

> My position is that the current coding-auto-detection behavior of
> 'open-file' is likely to lead to security flaws in software built using
> Guile.  The issue is that programs that receive text from an untrusted
> source, write those strings to a file, and then read them back in, are
> potentially vulnerable to hostile coding declarations inserted within
> those strings.

The way Emacs handles this is that it detects the ‘coding:’ cookie and
automatically switches the encoding accordingly.

Just mentioning it, because we seem to be hesitant between two opposite
solutions in the design space: one is Emacs, designed to make things
work by default in practical cases, and the other is POSIX, designed to
leave programmers with all the power of a chainsaw.

Ludo’.
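
The failure mode discussed in this message, as an added example that is not part of the original thread and is not Guile's code: a simplified Python model of a file reader that honours a `coding:` declaration, next to a reader with a fixed encoding. The cookie regex, the 500-byte scan window, the function names and the sample strings are all assumptions constructed for illustration.

```python
import codecs
import os
import re
import tempfile

# Assumption: simplified cookie syntax, looked for only in the head of the file.
COOKIE = re.compile(rb"coding[:=]\s*([-\w.]+)")
SCAN_LIMIT = 500

def detect_coding(raw):
    """Return the codec named by a coding declaration, or None."""
    m = COOKIE.search(raw[:SCAN_LIMIT])
    if not m:
        return None
    try:
        return codecs.lookup(m.group(1).decode("ascii")).name
    except LookupError:
        return None  # unknown charset name: ignore the declaration

def read_autodetect(path, default="utf-8"):
    """Model of the risky behaviour: file content chooses its own decoder."""
    with open(path, "rb") as f:
        raw = f.read()
    return raw.decode(detect_coding(raw) or default, errors="replace")

def read_explicit(path, encoding="utf-8"):
    """Hardened reader: the program, not the data, chooses the decoder."""
    with open(path, "rb") as f:
        return f.read().decode(encoding)

def round_trip(text, reader):
    """Write text as UTF-8 to a temp file, then read it back with reader."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(text.encode("utf-8"))
        return reader(path)
    finally:
        os.unlink(path)

# Constructed samples: ordinary text, and text carrying a coding declaration.
BENIGN = "comment: caf\u00e9 au lait\n"
HOSTILE = "comment: caf\u00e9 -*- coding: iso-8859-1 -*-\n"

if __name__ == "__main__":
    for sample in (BENIGN, HOSTILE):
        print(repr(round_trip(sample, read_autodetect)),
              repr(round_trip(sample, read_explicit)))
```

With the auto-detecting reader, the second sample no longer round-trips: the stored UTF-8 bytes are reinterpreted as ISO-8859-1, so any validation done on the string before it was written does not hold for the string read back.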


