"Tobias C. Rittweiler" tcr@freebits.de writes:
*read-eval* is currently set to T everywhere something is READ. While I don't currently see anything that could be (at least easily) exploitable, it still leaves an uneasy feeling in my stomach. Especially in the present of things like autodoc.
As I explained before, we cannot use READ in the context of autodoc anyway because of interning.
The use of READ on protocol messages is safe because these messages, as constructed by SLIME, do not contain any "#." It would not hurt though to bind *read-eval* = nil while reading these messages. You don't need a new or changed macro for that.
As far as I know, all other cases where READ is used on Lisp program text that comes from some Emacs buffer, the user has explicitly requested the evaluation or compilation of some code, and we don't want to refuse to evaluate code that depends on *read-eval* = t.
Matthias