"Marco Baringer" mb@bese.it writes:
lgorrie@common-lisp.net (Luke Gorrie) writes:
- slime.el (slime-enable-evaluate-in-emacs): New variable.
- (evaluate-in-emacs): Security improvement: If
- slime-enable-evaluate-in-emacs is nil (the default), don't
- evaluate forms sent by the Lisp.
what is the security risk (which isn't already present just by having slime connected) which evaluate-in-emacs adds?
The Lisp program could reside on an untrusted host. It should not be allowed to execute arbitrary code on the host where Emacs runs.