[slime-devel] Re: Daily ChangeLog diff
Matthias Koeppe
mkoeppe+slime at mail.math.uni-magdeburg.de
Mon Aug 29 09:06:16 UTC 2005
"Marco Baringer" <mb at bese.it> writes:
> lgorrie at common-lisp.net (Luke Gorrie) writes:
>
>> + * slime.el (slime-enable-evaluate-in-emacs): New variable.
>> + (evaluate-in-emacs): Security improvement: If
>> + slime-enable-evaluate-in-emacs is nil (the default), don't
>> + evaluate forms sent by the Lisp.
>
> what is the security risk (which isn't already present just by having
> slime connected) which evaluate-in-emacs adds?
The Lisp program could reside on an untrusted host. It should not be
allowed to execute arbitrary code on the host where Emacs runs.
--
Matthias Köppe -- http://www.math.uni-magdeburg.de/~mkoeppe
More information about the slime-devel
mailing list