[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#44018: Don't consider play-sound-file to be a 'safe' function
From: |
Eli Zaretskii |
Subject: |
bug#44018: Don't consider play-sound-file to be a 'safe' function |
Date: |
Mon, 26 Oct 2020 20:28:43 +0200 |
> From: Mattias Engdegård <mattiase@acm.org>
> Date: Mon, 26 Oct 2020 18:38:07 +0100
> Cc: "Basil L. Contovounesios" <contovob@tcd.ie>, larsi@gnus.org,
> 44018@debbugs.gnu.org
>
> >> What is a safe Lisp expression? Basically, it's an expression that
> >> calls only built-in functions with no side effects (or only innocuous
> >> ones). Innocuous side effects include displaying messages and
> >> altering non-risky buffer-local variables (but not global variables).
> >
> > Thanks. But this seems to say 'message' should be considered safe?
>
> What counted as 'innocuous' back then may not do so today.
> Freely displaying messages to the user as if they came from a trusted system
> isn't necessarily harmless by modern standards of security.
So you are saying 'message' is not safe because it could be used to
display text that isn't "innocuous"? In that case, we should also
remove from the list 'error' and 'signal', no?
bug#44018: Don't consider play-sound-file to be a 'safe' function, Lars Ingebrigtsen, 2020/10/16
- bug#44018: Don't consider play-sound-file to be a 'safe' function, Eli Zaretskii, 2020/10/16
- bug#44018: Don't consider play-sound-file to be a 'safe' function, Basil L. Contovounesios, 2020/10/26
- bug#44018: Don't consider play-sound-file to be a 'safe' function, Eli Zaretskii, 2020/10/26
- bug#44018: Don't consider play-sound-file to be a 'safe' function, Mattias Engdegård, 2020/10/26
- bug#44018: Don't consider play-sound-file to be a 'safe' function,
Eli Zaretskii <=
- bug#44018: Don't consider play-sound-file to be a 'safe' function, Mattias Engdegård, 2020/10/26
- bug#44018: Don't consider play-sound-file to be a 'safe' function, Eli Zaretskii, 2020/10/31
- bug#44018: Don't consider play-sound-file to be a 'safe' function, Mattias Engdegård, 2020/10/31