[slime-devel] security and presentations

Matthias Koeppe mkoeppe+slime at mail.math.uni-magdeburg.de
Sat Sep 10 12:49:42 UTC 2005


Alan Ruttenberg <alanr-l at mumble.net> writes:

> I'd like to reinstate the ability to have the lisp side be able to
> evaluate arbitrary forms from presentation menus. If there is a
> security issue for some I think it would be better handled by having a
> switch to disable evaluation of these forms, with the default being
> that they are evaluated.

I had implemented such a switch for the protocol message
`evaluate-in-emacs'.  In my opinion, if a presentation-menu action 
wants to evaluate a form in Emacs, it should simply call
`evaluate-in-emacs'.  This simplifies the menu protocol.

However, Helmut has removed `evaluate-in-emacs' completely.

Helmut, could you comment whether it would be acceptable for you if we
re-introduce evaluate-in-emacs (together with the security switch
`slime-enable-evaluate-in-emacs').  It seems to be a feature that is
useful for Alan (and others).  (However, I think that the default
should be a secure one, and that no default SLIME functionality should
depend on it.)

> Also, the recent move of the inspect, describe, and copy to input
> functions to the emacs side removes the ability to specialize the
> method on the lisp side to not offer those choices. 

I don't see the point in not offering these choices.  Isn't it good if
these menu items are always available so that one can rely on them?

Also, in my opinion, it is much cleaner to handle these items in Emacs
rather than relying on the feature of evaluating arbitrary code in
Emacs.

-- 
Matthias Köppe -- http://www.math.uni-magdeburg.de/~mkoeppe
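
The two designs discussed in the message above, as an added Emacs Lisp example that is not part of the original e-mail and not SLIME's code: fixed menu actions are looked up in a table on the Emacs side, while arbitrary forms from the Lisp side are evaluated only when a switch that defaults to off has been enabled. Every `demo-` name and the message layout are hypothetical.

```elisp
;; Added illustration only. Every demo-* name and the message shapes are
;; hypothetical; none of this is SLIME's code.

(defvar demo-enable-evaluate-in-emacs nil
  "When nil (the secure default), forms sent by the Lisp side are refused.")

(defvar demo-menu-actions
  '((:inspect       . demo-inspect)
    (:describe      . demo-describe)
    (:copy-to-input . demo-copy-to-input))
  "Fixed menu actions implemented in Emacs; the Lisp side sends only a key.")

;; Stand-ins for the real Emacs-side commands.
(defun demo-inspect (id) (format "inspect presentation %S" id))
(defun demo-describe (id) (format "describe presentation %S" id))
(defun demo-copy-to-input (id) (format "copy presentation %S to input" id))

(defun demo-dispatch (message)
  "Handle MESSAGE, a list received from the Lisp side.
Return (:ok VALUE) or (:refused REASON)."
  (pcase message
    ;; Fixed actions: the peer chooses a key, never the code that runs.
    (`(:menu-action ,key ,id)
     (let ((fn (cdr (assq key demo-menu-actions))))
       (if fn
           (list :ok (funcall fn id))
         (list :refused (format "unknown menu action %S" key)))))
    ;; Arbitrary evaluation: refused unless the user has opted in.
    (`(:evaluate-in-emacs ,form)
     (if demo-enable-evaluate-in-emacs
         (list :ok (eval form t))
       (list :refused "evaluate-in-emacs is disabled")))
    (_ (list :refused "unknown message"))))

;; Constructed sample messages.
(message "%S" (demo-dispatch '(:menu-action :describe 7)))
(message "%S" (demo-dispatch '(:menu-action :delete-files 7)))
(message "%S" (demo-dispatch '(:evaluate-in-emacs (+ 1 2))))
(let ((demo-enable-evaluate-in-emacs t))   ; explicit opt-in by the user
  (message "%S" (demo-dispatch '(:evaluate-in-emacs (+ 1 2)))))
```

With the switch left at its default, no menu action in the table depends on evaluation being enabled, which matches the requirement stated in the message that no default functionality should rely on it.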


