jed-users mailing list

[2003 Date Index] [2003 Thread Index] [Other years]
[Thread Prev] [Thread Next]      [Date Prev] [Date Next]

Re: [jed-users] setting programming style


Frank v Waveren <fvw@xxxxxx> wrote:
>And hey presto I'd have access to your account and you wouldn't know
>unless you happened to be very observent about the line numbers (which
>sign can ofcourse be circumvented too).
>
>On a slightly related note, how do you turn this feature off?

I agree that this is a potential security risk.  Please try the new
modehook.sl:

    ftp://space.mit.edu/pub/davis/jed/v0.99/modehook.sl

and let me know how it works.  It introduces a new variable: 
Enable_Mode_Hook_Eval

 SYNOPSIS
   Control the use of "eval" from a file's mode statement

 DESCRIPTION
   When a file is read into a buffer, the editor will look for a line near the
   top of the file containing `-*- TEXT -*-', where `TEXT' usually 
   specifies the mode to be applied to the buffer, e.g.,

       /* -*- C -*- */

   For this reason, such a line is referred to as the files mode statement.
   In addition, an arbitrary S-Lang expression may be executed by
   the mode statement through the use of `eval' and `evalfile', e.g.,

      /* -*- mode: C; eval: set_buffer_no_backup; -*- */

   This example would cause c-mode to be assigned to the buffer, and backups
   for the file turned-off.  Obviously this poses a security risk, since it 
   permits the evaluation of arbitrary S-Lang code.  
   
   The `Enable_Mode_Hook_Eval' variable may be used to control how 
   `eval', and other potentially risky constructs are handled by the file's
   mode statement.  If its value is 0, such statements will not get executed.
   If the value of `Enable_Mode_Hook_Eval' is NULL, then the editor will
   query the user about whether to execute the statement, otherwise such 
   statements will get executed.  The default value is NULL, i.e., to 
   query the user.

 SEE ALSO
   modeline_hook2, eval, evalfile, set_mode

Thanks,
--John

--------------------------
To unsubscribe send email to <jed-users-request@xxxxxxxxxxx> with
the word "unsubscribe" in the message body.
Need help? Email <jed-users-owner@xxxxxxxxxxx>.


[2003 date index] [2003 thread index]
[Thread Prev] [Thread Next]      [Date Prev] [Date Next]