summaryrefslogtreecommitdiff
path: root/lisp/emacs-lisp/debug.el
diff options
context:
space:
mode:
authorEric M. Ludlam <zappo@gnu.org>2012-01-09 14:12:11 +0800
committerChong Yidong <cyd@gnu.org>2012-01-09 14:12:11 +0800
commita62d5ee188dcb532088a15b0a2f066d3305b2eda (patch)
tree574682d524389c5b21730c379edf818f852d69e2 /lisp/emacs-lisp/debug.el
parent866b58d61afd2eccfed53d1707bea233bde3c030 (diff)
downloademacs-a62d5ee188dcb532088a15b0a2f066d3305b2eda.tar.gz
emacs-a62d5ee188dcb532088a15b0a2f066d3305b2eda.tar.bz2
emacs-a62d5ee188dcb532088a15b0a2f066d3305b2eda.zip
Fix EDE security flaw involving loading arbitrary Lisp from Project.ede.
* lisp/ede.el (ede-project-directories): New option. (ede-directory-safe-p): Check it. (ede-initialize-state-current-buffer, ede, ede-new) (ede-check-project-directory, ede-rescan-toplevel) (ede-load-project-file, ede-parent-project, ede-current-project): (ede-target-parent): Avoid loading in a project unless it is safe, since it may involve malicious code. This security flaw was pointed out by Hiroshi Oota. * lisp/ede/auto.el (ede-project-autoload): Add safe-p slot. (ede-project-class-files): Projects using Project.ede are unsafe. (ede-auto-load-project): New method. * lisp/ede/simple.el (ede-project-class-files): Mark as unsafe.
Diffstat (limited to 'lisp/emacs-lisp/debug.el')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-22 13:07:12 +0000