* Re: Possible security hole? nnfolder evaluates local variables..
[not found] <m2oham11cj.fsf@proletcult.slip.ifi.uio.no>
@ 1997-05-08 16:15 ` vroonhof
1997-05-08 19:54 ` Steven L Baur
1997-05-17 3:34 ` Lars Magne Ingebrigtsen
0 siblings, 2 replies; 8+ messages in thread
From: vroonhof @ 1997-05-08 16:15 UTC (permalink / raw)
Cc: ding
> > The problem:
> > XEmacs evals local variables for nnfolder files
> >
> > The symptom:
> > This appeared in the minibuffer
> >
> > Fetching headers for nnfolder:xemacs-beta...done
> > File local-variables error: (void-function winmgr-mode)
>
> [refering to definition of nnheader-find-file-noselect]
> The `enable-local-variables' (under Emacs, at least) should ensure
> that no variables are evaled. Is there some other variable under
> XEmacs that controls this?
XEmacs uses the same variable..
> nnfolder uses this to load the folder:>
> (defun nnheader-find-file-noselect (&rest args)
Ahhh. That is the problem...
Under XEmacs it nnheader-find-file-noselect is shadowed by
nnheader-xemacs-find-file-noselect (from nnheaderxm.el). A large ugly
function that looks like a verbatim copy of find-file-noselect from
the XEmacs files.el. It proably does the enable-local-variables thing
wrong. I am not sure why it calls after-find-file functions at all.
The last reference I can find to it is in the Changelog of Gnus 5.2.39.
where there is a "simplify" entry. I cannot see why it was introduced.
Does anybody know?
--
Jan Vroonhof http://www.math.ethz.ch/~vroonhof/
Mathematik, vroonhof@math.ethz.ch
HG E16, ETH-Zentrum, Tel: +41-1-6325456/25154
Raemistrasse 101, CH-8092 Zuerich. Fax: +41-1-6321085
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Possible security hole? nnfolder evaluates local variables..
1997-05-08 16:15 ` Possible security hole? nnfolder evaluates local variables vroonhof
@ 1997-05-08 19:54 ` Steven L Baur
1997-05-09 10:10 ` Jan Vroonhof
1997-05-17 3:34 ` Lars Magne Ingebrigtsen
1 sibling, 1 reply; 8+ messages in thread
From: Steven L Baur @ 1997-05-08 19:54 UTC (permalink / raw)
This is one tangled mess. Are either of you using tm? It also
contains redefinitions of `nnheader-find-file-noselect' and
`nnheader-insert-file-contents', except that they're correct (sigh,
the correct code only gets applied to XEmacs/Mule).
vroonhof <vroonhof@math.ethz.ch> writes:
> Under XEmacs it nnheader-find-file-noselect is shadowed by
> nnheader-xemacs-find-file-noselect (from nnheaderxm.el). A large ugly
> function that looks like a verbatim copy of find-file-noselect from
> the XEmacs files.el.
Nope. It's a copy of an *old* version of find-file-noselect.
> It proably does the enable-local-variables thing wrong.
It looks like it, but I'm not sure what it is trying to accomplish.
--
steve@calag.com baur
Unsolicited commercial e-mail will be billed at $250/message.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Possible security hole? nnfolder evaluates local variables..
1997-05-08 19:54 ` Steven L Baur
@ 1997-05-09 10:10 ` Jan Vroonhof
1997-05-17 3:36 ` Lars Magne Ingebrigtsen
0 siblings, 1 reply; 8+ messages in thread
From: Jan Vroonhof @ 1997-05-09 10:10 UTC (permalink / raw)
Steven L Baur <steve@calag.com> writes:
> This is one tangled mess. Are either of you using tm? It also
> contains redefinitions of `nnheader-find-file-noselect' and
> `nnheader-insert-file-contents', except that they're correct (sigh,
> the correct code only gets applied to XEmacs/Mule).
I am using tm, but not XEmacs/Mule (19.15 in fact).
>
> It looks like it, but I'm not sure what it is trying to accomplish.
I hope that larsi can find the old Changelog entry that introduced it.
Going back to rgnus learns that it was introduced BEFORE the
file-local variables thing was introduced in the ordinary version.
Jan
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Possible security hole? nnfolder evaluates local variables..
1997-05-08 16:15 ` Possible security hole? nnfolder evaluates local variables vroonhof
1997-05-08 19:54 ` Steven L Baur
@ 1997-05-17 3:34 ` Lars Magne Ingebrigtsen
1 sibling, 0 replies; 8+ messages in thread
From: Lars Magne Ingebrigtsen @ 1997-05-17 3:34 UTC (permalink / raw)
vroonhof@math.ethz.ch writes:
> The last reference I can find to it is in the Changelog of Gnus 5.2.39.
> where there is a "simplify" entry. I cannot see why it was introduced.
5.2.17, you mean.
For the first time since I established the Total Gnus CVS Archive,
I've actually used it for something. Whee!
The "simplify" was exactly that -- a `boundp' thing was removed, but
there was no change otherwise.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Possible security hole? nnfolder evaluates local variables..
1997-05-09 10:10 ` Jan Vroonhof
@ 1997-05-17 3:36 ` Lars Magne Ingebrigtsen
1997-05-17 5:22 ` Steven L Baur
1997-05-17 14:19 ` Hrvoje Niksic
0 siblings, 2 replies; 8+ messages in thread
From: Lars Magne Ingebrigtsen @ 1997-05-17 3:36 UTC (permalink / raw)
Jan Vroonhof <vroonhof@math.ethz.ch> writes:
> I hope that larsi can find the old Changelog entry that introduced it.
> Going back to rgnus learns that it was introduced BEFORE the
> file-local variables thing was introduced in the ordinary version.
I have no idea why nnheaderxm.el includes the copies of these
functions at all. Steven, you're the one who put them back in after I
removed them -- was it an XEmacs 19.13 thing or something?
In comparison, the function used under Emacs is rather small and
straightforward:
(defun nnheader-find-file-noselect (&rest args)
(let ((format-alist nil)
(auto-mode-alist (nnheader-auto-mode-alist))
(default-major-mode 'fundamental-mode)
(enable-local-variables nil)
(after-insert-file-functions nil))
(apply 'find-file-noselect args)))
Shouldn't this work under XEmacs as well?
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Possible security hole? nnfolder evaluates local variables..
1997-05-17 3:36 ` Lars Magne Ingebrigtsen
@ 1997-05-17 5:22 ` Steven L Baur
1997-05-19 0:06 ` Lars Magne Ingebrigtsen
1997-05-17 14:19 ` Hrvoje Niksic
1 sibling, 1 reply; 8+ messages in thread
From: Steven L Baur @ 1997-05-17 5:22 UTC (permalink / raw)
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> I have no idea why nnheaderxm.el includes the copies of these
> functions at all. Steven, you're the one who put them back in after I
> removed them -- was it an XEmacs 19.13 thing or something?
I recall that (digging ...) September Gnus v0.27 removed by you,
September Gnus v0.28 restored by me.
Tue Jan 16 17:25:28 1996 Steven L. Baur <steve@miranova.com>
...
* gnus-xmas.el (insert-file-contents-literally): Restored from
v0.26 nnheader.el since XEmacs 19.13 doesn't have this function.
This was the period I was working around an extremely ugly XEmacs
internals bug that interacted very badly with nnmh.
If this is the reason those functions are still there, I think it's
safe to kill them now. :-)
> In comparison, the function used under Emacs is rather small and
> straightforward:
> (defun nnheader-find-file-noselect (&rest args)
> (let ((format-alist nil)
> (auto-mode-alist (nnheader-auto-mode-alist))
> (default-major-mode 'fundamental-mode)
> (enable-local-variables nil)
> (after-insert-file-functions nil))
> (apply 'find-file-noselect args)))
> Shouldn't this work under XEmacs as well?
It looks O.K. to me.
--
steve@calag.com baur
Unsolicited commercial e-mail will be billed at $250/message.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Possible security hole? nnfolder evaluates local variables..
1997-05-17 3:36 ` Lars Magne Ingebrigtsen
1997-05-17 5:22 ` Steven L Baur
@ 1997-05-17 14:19 ` Hrvoje Niksic
1 sibling, 0 replies; 8+ messages in thread
From: Hrvoje Niksic @ 1997-05-17 14:19 UTC (permalink / raw)
Lars Magne Ingebrigtsen <larsi@gnus.org> writes:
> (defun nnheader-find-file-noselect (&rest args)
> (let ((format-alist nil)
> (auto-mode-alist (nnheader-auto-mode-alist))
> (default-major-mode 'fundamental-mode)
> (enable-local-variables nil)
> (after-insert-file-functions nil))
> (apply 'find-file-noselect args)))
>
> Shouldn't this work under XEmacs as well?
Looks good to me.
--
Hrvoje Niksic <hniksic@srce.hr> | Student at FER Zagreb, Croatia
--------------------------------+--------------------------------
Oh lord won't you buy me a color TV...
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: Possible security hole? nnfolder evaluates local variables..
1997-05-17 5:22 ` Steven L Baur
@ 1997-05-19 0:06 ` Lars Magne Ingebrigtsen
0 siblings, 0 replies; 8+ messages in thread
From: Lars Magne Ingebrigtsen @ 1997-05-19 0:06 UTC (permalink / raw)
Steven L Baur <steve@xemacs.org> writes:
> If this is the reason those functions are still there, I think it's
> safe to kill them now. :-)
Ok; I've killed the functions for Gnus v5.4.54.
--
(domestic pets only, the antidote for overdose, milk.)
larsi@gnus.org * Lars Magne Ingebrigtsen
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~1997-05-19 0:06 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <m2oham11cj.fsf@proletcult.slip.ifi.uio.no>
1997-05-08 16:15 ` Possible security hole? nnfolder evaluates local variables vroonhof
1997-05-08 19:54 ` Steven L Baur
1997-05-09 10:10 ` Jan Vroonhof
1997-05-17 3:36 ` Lars Magne Ingebrigtsen
1997-05-17 5:22 ` Steven L Baur
1997-05-19 0:06 ` Lars Magne Ingebrigtsen
1997-05-17 14:19 ` Hrvoje Niksic
1997-05-17 3:34 ` Lars Magne Ingebrigtsen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).