Re: eval and security

help-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: eval and security

From:	Andreas Röhler
Subject:	Re: eval and security
Date:	Mon, 24 Oct 2016 19:40:54 +0200
User-agent:	Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Icedove/45.4.0



On 24.10.2016 14:31, tomas@tuxteam.de wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:

Hi,

remember a saying like "avoid calls like (eval 'my-symbol) in
lisp-code" as related to security issues.

Is there some reading to learn more? Maybe I'm mistaking something?

Perhaps because a randomly downloaded package can redefine 'my-symbol
to be something evil?

Yes, that would be the problem. However, the way Emacs works, any symbolmight be replaced by such a package, right?

[Prev in Thread]

Current Thread

[Next in Thread]

eval and security, Andreas Röhler, 2016/10/24
- Re: eval and security, tomas, 2016/10/24
  - Re: eval and security, Andreas Röhler <=
  - Re: eval and security, Philipp Stephani, 2016/10/24
    - Re: eval and security, Andreas Röhler, 2016/10/25

Prev by Date: Re: eval and security
Next by Date: Re: eval and security
Previous by thread: Re: eval and security
Next by thread: Re: eval and security
Index(es):
- Date
- Thread