bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#44018: Don't consider play-sound-file to be a 'safe' function

From: Eli Zaretskii
Subject: bug#44018: Don't consider play-sound-file to be a 'safe' function
Date: Fri, 16 Oct 2020 09:23:40 +0300 
> From: Lars Ingebrigtsen <larsi@gnus.org>
> Cc: Mattias Engdegård <mattiase@acm.org>,
>   44018@debbugs.gnu.org
> Date: Fri, 16 Oct 2020 07:39:05 +0200
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > Are the risks the same on all the supported platforms, or just on
> > some?
> 
> My understanding of unsafep.el isn't that it's trying to protect against
> any particular exploits, but just give a list of things that are totally
> and utterly OK to eval.  So you have stuff like:
> 
> commit a8c41b4c0d3b0a3e87f17bbcdd8ac12dae296b3a
> Author:     Chong Yidong <cyd@stupidchicken.com>
> AuthorDate: Mon Oct 18 13:28:20 2010 -0400
> 
>     Don't allow functions that display messages in unsafep.
> 
> So even `message' isn't "safe" in this context.  I think it's odd to
> have `play-sound-file' marked as "safe" if `message' isn't.

Do you understand why 'message' was removed?  I don't, and couldn't
find any discussion on Emacs lists that discussed that; I may have
missed something.  I have no idea why 'message' could be unsafe.
unsafep.el doesn't provide a high-level definition of what is
considered "safe", unfortunately, and was evidently written for SES,
so may have some bias due to that context.  Still, it is not clear to
me why 'message' was removed.

I'm uneasy with doing things when the only argument is "why not?".
Maybe I'm the odd one out, but I generally think we should have a lot
of respect for those who wrote code for Emacs in the past, unless we
have a clear reason to think it was in error of some kind.  So I'm
trying to get to the bottom of an issue when the proposal is clearly
at odds with something we had for years.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]