Mercurial > emacs
comparison man/faq.texi @ 72014:0429cbee770a
* faq.texi (Security risks with Emacs): Document Emacs 22
file-local-variable mechanism.
author | Chong Yidong <cyd@stupidchicken.com> |
---|---|
date | Wed, 19 Jul 2006 02:22:51 +0000 |
parents | 6edfaf0b0ec6 |
children | c7e4f78b81a6 |
comparison
equal
deleted
inserted
replaced
72013:020b2d549ca8 | 72014:0429cbee770a |
---|---|
3123 the end of the file. This feature also includes the ability to have | 3123 the end of the file. This feature also includes the ability to have |
3124 arbitrary Emacs Lisp code evaluated when the file is visited. | 3124 arbitrary Emacs Lisp code evaluated when the file is visited. |
3125 Obviously, there is a potential for Trojan horses to exploit this | 3125 Obviously, there is a potential for Trojan horses to exploit this |
3126 feature. | 3126 feature. |
3127 | 3127 |
3128 Emacs 18 allowed this feature by default; users could disable it by | 3128 As of Emacs 22, Emacs has a list of local variables that are known to |
3129 setting the variable @code{inhibit-local-variables} to a non-@code{nil} value. | 3129 be safe to set. If a file tries to set any variable outside this |
3130 | 3130 list, it asks the user to confirm whether the variables should be set. |
3131 As of Emacs 19, Emacs has a list of local variables that create a | 3131 You can also tell Emacs whether to allow the evaluation of Emacs Lisp |
3132 security risk. If a file tries to set one of them, it asks the user to | 3132 code found at the bottom of files by setting the variable |
3133 confirm whether the variables should be set. You can also tell Emacs | 3133 @code{enable-local-eval}. |
3134 whether to allow the evaluation of Emacs Lisp code found at the bottom | |
3135 of files by setting the variable @code{enable-local-eval}. | |
3136 | 3134 |
3137 For more information, @inforef{File Variables, File Variables, emacs}. | 3135 For more information, @inforef{File Variables, File Variables, emacs}. |
3138 | 3136 |
3139 @item | 3137 @item |
3140 Synthetic X events. (Yes, a risk; use @samp{MIT-MAGIC-COOKIE-1} or | 3138 Synthetic X events. (Yes, a risk; use @samp{MIT-MAGIC-COOKIE-1} or |