Bugtraq mailing list archives
Re: Virus's -- This is an Emacs bomb (fwd)
From: friedman () gnu ai mit edu (Noah Friedman)
Date: Tue, 6 Dec 94 14:55:11 CST
Emacs mail readers don't evaluate local variables when they read in a folder, because they are not visiting the file proper; they are reading in formatted data (i.e. messages) from a file. It doesn't make sense to evaluate variables that are part of a message. It's possible that very old versions of VM didn't protect against this, but it was fixed a long time ago; at any rate, VM 5.72 (the current version) is safe. Rmail never had the problem. In general, if you are paranoid about setting buffer-local variables when you visit arbitrary files, you can put the following in your .emacs: ;; for emacs 19 (setq enable-local-eval nil) (setq enable-local-variables nil) ;; for emacs 18 (setq inhibit-local-variables t) Too bad some people are so paranoid about security that they happily sacrifice useful functionality. After all, every other user on the system is clearly out to get them using any available opportunity...
Current thread:
- Re: Virus's -- This is an Emacs bomb (fwd) Noah Friedman (Dec 06)
- <Possible follow-ups>
- Re: Virus's -- This is an Emacs bomb (fwd) Michael Bresnahan (Dec 07)
- Re: Virus's -- This is an Emacs bomb (fwd) Noah Friedman (Dec 07)