Ho ereditato il mio file .emacs da un amico circa 18 anni fa. Sepolto nel mezzo c'è il seguente minaccioso commento di avviso sulle implicazioni di sicurezza della enable-local-variables
funzione:
;; Date: Wed, 7 Dec 1994 11:57:50 -0600
;; From: blob@syl.dl.nec.com (David Blob)
;; Subject: Self-extracting emacs elisp code
;;
;; With all this talk about self extracting mail "viruses", a friend
;; showed me that in emacs (which I use to read mail, along with vm)
;; has the ability to self-extract elisp code. This feature seems to
;; be turned on by default, and it not only applies to mail read with
;; emacs, but rather every file visited (when the feature is on, of
;; course).
;;
;; The way it works is by having a line which reads "Local Variables:"
;; followed by the lisp variables you would like to set...well, it may
;; seem petty, but you can execute programs, make connections and much
;; more through cleverly written elisp code contained within.
;;
;; It's simple to turn off, at any rate...
;;
;; (setq enable-local-variables f) ;; turns off feature (in emacs 19)
;; (setq enable-local-variables 1) ;; makes it ask first (in emacs 19)
;; (setq inhibit-local-variables t) ;; turns off feature (in emacs 18)
;;
;; Anyhow, I think the risks here speak for themselves...
;;
(setq enable-local-variables '())
Quindi non ho mai usato la local-variables
funzionalità, anche se sembra che potrebbe essere abbastanza utile. C'è un modo per enable-local-variables
fare qualcosa di utile senza esponermi ad attacchi arbitrari di iniezione di codice?