bug#44018: Don't consider play-sound-file to be a 'safe' function

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#44018: Don't consider play-sound-file to be a 'safe' function

From:	Lars Ingebrigtsen
Subject:	bug#44018: Don't consider play-sound-file to be a 'safe' function
Date:	Fri, 16 Oct 2020 07:39:05 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

Eli Zaretskii <eliz@gnu.org> writes:

> Are the risks the same on all the supported platforms, or just on
> some?

My understanding of unsafep.el isn't that it's trying to protect against
any particular exploits, but just give a list of things that are totally
and utterly OK to eval.  So you have stuff like:

commit a8c41b4c0d3b0a3e87f17bbcdd8ac12dae296b3a
Author:     Chong Yidong <cyd@stupidchicken.com>
AuthorDate: Mon Oct 18 13:28:20 2010 -0400

    Don't allow functions that display messages in unsafep.

So even `message' isn't "safe" in this context.  I think it's odd to
have `play-sound-file' marked as "safe" if `message' isn't.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Prev in Thread]

Current Thread

[Next in Thread]

bug#44018: Don't consider play-sound-file to be a 'safe' function, (continued)

Prev by Date: bug#44021: delete-non-matching-lines optional arg REND not really optional
Next by Date: bug#43356: Gnus: caching message headers? bug#43356
Previous by thread: bug#44018: Don't consider play-sound-file to be a 'safe' function
Next by thread: bug#44018: Don't consider play-sound-file to be a 'safe' function
Index(es):
- Date
- Thread