[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#3230: 23.0.93; Make dired-actual-switches safe local variable?
From: |
Glenn Morris |
Subject: |
bug#3230: 23.0.93; Make dired-actual-switches safe local variable? |
Date: |
Wed, 23 Feb 2011 21:08:26 -0500 |
User-agent: |
Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
retitle 3230 dired-actual-switches is risky
stop
Leo wrote:
> The dired-x manual gives an example in using local variables for dired
> buffers. However, the variable dired-actual-switches has not been marked
> as safe local variable. I think this is an oversight.
As it stands, it emphatically should NOT be marked safe. Example:
cat <<EOF >| .dired
Local Variables:
dired-actual-switches: "-l ; touch /tmp/OHDEAR"
End:
EOF
rm -f /tmp/OHDEAR
emacs -Q -l dired-x
M-x dired /path/to/dir/*.el ; wildcard is important
answer "y" to question about possibly unsafe local variable
ls /tmp/OHDEAR
Oh dear, arbitrary shell command executed with permissions of the user
running Emacs.
- bug#3230: 23.0.93; Make dired-actual-switches safe local variable?,
Glenn Morris <=