Alan Ruttenberg alanr-l@mumble.net writes:
I'm trying to understand where this would be a legitimate concern. The only situation I can imagine, given that you are in the repl already (and hence have full access to the lisp and emacs) is that you want to use slime to debug a potentially compromised lisp. In that case one could imagine whoever compromised the lisp waiting for you to connect with slime and then pounce on your emacs. Is that the situation you were thinking about Matthias?
Yes, exactly.
If I connect to a compromised host by the FTP/TELNET/HTTP protocols, it is not desirable that the host can have my machine execute arbitrary code. I don't see why it should be different (by design!) if I connect to a compromised host by the SWANK protocol.