.Emacs dosyamı yaklaşık 18 yıl önce bir arkadaşımdan miras aldım. Ortada gömülü olan, enable-local-variables
özelliğin güvenlik üzerindeki etkileri hakkında aşağıdaki uğursuz yorum uyarısıdır :
;; Date: Wed, 7 Dec 1994 11:57:50 -0600
;; From: blob@syl.dl.nec.com (David Blob)
;; Subject: Self-extracting emacs elisp code
;;
;; With all this talk about self extracting mail "viruses", a friend
;; showed me that in emacs (which I use to read mail, along with vm)
;; has the ability to self-extract elisp code. This feature seems to
;; be turned on by default, and it not only applies to mail read with
;; emacs, but rather every file visited (when the feature is on, of
;; course).
;;
;; The way it works is by having a line which reads "Local Variables:"
;; followed by the lisp variables you would like to set...well, it may
;; seem petty, but you can execute programs, make connections and much
;; more through cleverly written elisp code contained within.
;;
;; It's simple to turn off, at any rate...
;;
;; (setq enable-local-variables f) ;; turns off feature (in emacs 19)
;; (setq enable-local-variables 1) ;; makes it ask first (in emacs 19)
;; (setq inhibit-local-variables t) ;; turns off feature (in emacs 18)
;;
;; Anyhow, I think the risks here speak for themselves...
;;
(setq enable-local-variables '())
Bu yüzden, local-variables
özelliği oldukça kullanışlı gibi görünse bile aslında hiç kullanmadım . Bunun enable-local-variables
keyfi kod enjeksiyon saldırılarına maruz kalmadan faydalı bir şey yapmasının bir yolu var mı ?