help-gnu-emacs

Re: eval and security


From: Andreas Röhler
Subject: Re: eval and security
Date: Tue, 25 Oct 2016 09:34:40 +0200
User-agent: Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Icedove/45.4.0



On 24.10.2016 20:50, Philipp Stephani wrote:
<address@hidden> wrote on Mon, 24 Oct 2016 at 14:32:

On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
Hi,

remember a saying like "avoid calls like (eval 'my-symbol) in
lisp-code" as related to security issues.

Is there some reading to learn more? Maybe I'm mistaking something?
Perhaps because a randomly downloaded package can redefine 'my-symbol
to be something evil?

Randomly downloaded packages can just say
(eval-when-compile (shell-command "rm -rf /"))
No need to override symbols to do something evil.

For the moment taking `symbol-value' as less powerful and sufficient for the use cases - later calls to `looking-at' etc.
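
The difference between `eval' and `symbol-value' discussed in this thread, as an added example that is not part of the original message. The names `my-regexp-var', `my-side-effect', `my-lookup-with-eval' and `my-lookup-with-symbol-value' are hypothetical, and the sample inputs are constructed.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration: all `my-' names are hypothetical.

(defvar my-regexp-var "^[ \t]*def "
  "Constructed sample: a regexp stored in a variable.")

(defvar my-side-effect nil
  "Constructed flag that records whether a form was evaluated.")

(defun my-lookup-with-eval (thing)
  "Return the value of THING using `eval'.
If THING is a list instead of a symbol, it is run as code."
  (eval thing t))

(defun my-lookup-with-symbol-value (sym)
  "Return the string value of variable SYM.
`symbol-value' only reads a variable.  It signals
`wrong-type-argument' for a non-symbol and `void-variable' for an
unbound symbol, so a form passed here is never evaluated."
  (let ((val (symbol-value sym)))
    ;; The value is later handed to `looking-at', so insist on a string.
    (unless (stringp val)
      (signal 'wrong-type-argument (list 'stringp val)))
    val))

;; With a plain symbol both functions read the same variable.
(my-lookup-with-eval 'my-regexp-var)
(my-lookup-with-symbol-value 'my-regexp-var)

;; With a form (a harmless constructed stand-in for unexpected input)
;; `eval' executes it and changes `my-side-effect' ...
(my-lookup-with-eval '(setq my-side-effect t))

;; ... while `symbol-value' rejects it before anything runs.
(setq my-side-effect nil)
(condition-case err
    (my-lookup-with-symbol-value '(setq my-side-effect t))
  (wrong-type-argument
   (message "rejected %S, my-side-effect is still %S" err my-side-effect)))

;; The use case from the message: feeding the looked-up regexp to `looking-at'.
(with-temp-buffer
  (insert "def foo():\n")
  (goto-char (point-min))
  (looking-at (my-lookup-with-symbol-value 'my-regexp-var)))
```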


