[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local varia
From: |
Philip K. |
Subject: |
bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable |
Date: |
Tue, 16 Jun 2020 21:49:44 +0200 |
Eli Zaretskii <eliz@gnu.org> writes:
>> That would make it harder for projects to hide malicious values of
>> python-shell-virtualenv-root, but it's still an attack vector in
>> principle.
>
> Then I don't think I understand how you suggest to fix this.
I don't know either, any directory with a properly configured
dir-locals.el file and a bin/python executable can be exploited if the
user doesn't pay attention in python-mode.
As mentioned above, I agree that the best thing would be to unmark the
variable as safe. I'll try to find out more on how to avoid abitrary
code execution in python, and if there's some way, I would try to
implement it so that the variable can be marked as safe again.
--
Philip K.
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/13
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Glenn Morris, 2020/06/13
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/15
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Philip K., 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Philip K., 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/16
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable,
Philip K. <=
- bug#41619: [PATCH] Mark python-shell-virtualenv-root as safe local variable, Eli Zaretskii, 2020/06/20