[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Access control in Emacs?
|
From: |
Richard Stallman |
|
Subject: |
Re: Access control in Emacs? |
|
Date: |
Wed, 15 Sep 2021 16:11:20 -0400 |
[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> > I’m adding more powerful features to crdt.el including buffer local
variable
> > synchronizations and arbitrary remote command/function call,
> Given the way Emacs is designed/structured this is a recipe for big
> gaping security holes. It can be OK to allow such things for *very*
> specific cases (a few specific well understood variables), but even such
> a "whitelist" is a problem because it requires careful and
> long term maintenance.
This is a crucial issue, so we should keep it in mind if we change
anything that affects the handling of buffer-local variables.
--
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)