emacs-orgmode
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: per-file (or, really, per buffer) allowing/disallowing code block ex


From: tomas
Subject: Re: per-file (or, really, per buffer) allowing/disallowing code block execution
Date: Thu, 8 Sep 2022 19:41:48 +0200

On Thu, Sep 08, 2022 at 12:34:25PM +0000, Fedja Beader wrote:
> Hello Richard, Ihor and Steven,
> 
> I'm aware that file-local variables exist, but it seems that
> all documentation for them put them *into the file*, which is not secure for 
> files downloaded from the internet. What is to stop a malicious file from 
> setting an "yes, execute me automatically" variable?

While loading the file, only "safe variables" are set without
warning (actually it's a bit more complex: specific variable-
value pairs can be marked as "safe".

See e.g. "12.12 File Local Variables" in the elisp manual.

Cheers
-- 
t

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]