Zach Beane xach@xach.com writes:
Madhu enometh@meer.net writes:
- Zach Beane m37ierik0t.fsf@unnamed.xach.com :
Wrote on Mon, 21 Apr 2008 06:23:30 -0400: |> Besides, not only is it not complicating things, it is The Right Thing |> To Do. | | I don't think you should stop there. There is a dangerous file named | swank.lisp that is loaded by the lisp and slime.el is loaded by | emacs. An attacker thwarted by your ChangeLog fix could still modify | any of those files and take over your computer when you start slime!
See URL:http://permalink.gmane.org/gmane.lisp.slime.devel/7300 upthread in this thread where I explained why swank.lisp and slime.el are not a problem.
I saw it. Count me as one of the unpersuaded.
AOL. We're talking about an attacker who can somehow modify or replace the Changelog file, but who cannot modify or replace swank.lisp or slime.el sitting right next to it in the same directory.
An argument in support of binding read-eval to nil around read in this specific case could still be made: that an inexperienced coder browsing the slime sources would learn about *read-eval* that way.
Rudi