29 Aug
2005
29 Aug
'05
9:06 a.m.
"Marco Baringer" <mb@bese.it> writes:
lgorrie@common-lisp.net (Luke Gorrie) writes:
+ * slime.el (slime-enable-evaluate-in-emacs): New variable. + (evaluate-in-emacs): Security improvement: If + slime-enable-evaluate-in-emacs is nil (the default), don't + evaluate forms sent by the Lisp.
what is the security risk (which isn't already present just by having slime connected) which evaluate-in-emacs adds?
The Lisp program could reside on an untrusted host. It should not be allowed to execute arbitrary code on the host where Emacs runs. -- Matthias Köppe -- http://www.math.uni-magdeburg.de/~mkoeppe