<tomas@tuxteam.de> wrote on Mon, 24 Oct 2016 at 14:32:
On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
Hi,
remember a saying like "avoid calls like (eval 'my-symbol) in
lisp-code" as related to security issues.
Is there some reading to learn more? Maybe I'm mistaking something?
Perhaps because a randomly downloaded package can redefine 'my-symbol
to be something evil?
Randomly downloaded packages can just say
(eval-when-compile (shell-command "rm -rf /"))
No need to override symbols to do something evil.