Re: Emacs Arbitrary Code Execution and How to Avoid It

[Richard Stallman]

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I get it, though similar concepts are in many editors. As you said,
  > "if flymake is enabled" which means that user enabling flymake should
  > get informed of it.

I firmly disagree.  For Emacs to spontaneously execute code in files
that users did not say should be executed is simply unaccetable.
Warning users that this may happen is not sufficient -- we need to
_fix_ the problem.

I have never used Flymake, so I can't suggest, so I can't 
propose a fix that would seem reasonable ot users of Flymake.

But I think it should involve somehow explicitly specifying the
namss of all files that Flymaoe can treat as Elisp source to be
loaded automatically.  If a file has not been labeled that way,
Flymake should never spontaneously load any of that file.

WDPT?


-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)