| commit | a62d5ee188dcb532088a15b0a2f066d3305b2eda | |
| author | Eric M. Ludlam <zappo@gnu.org> | |
| Mon, 9 Jan 2012 06:12:11 +0000 (9 14:12 +0800) | ||
| committer | Chong Yidong <cyd@gnu.org> | |
| Mon, 9 Jan 2012 06:12:11 +0000 (9 14:12 +0800) | ||
| tree | 574682d524389c5b21730c379edf818f852d69e2 | treesnapshot (tar.gz zip) |
| parent | 866b58d61afd2eccfed53d1707bea233bde3c030 | commitdiff |
Fix EDE security flaw involving loading arbitrary Lisp from Project.ede.
* lisp/ede.el (ede-project-directories): New option.
(ede-directory-safe-p): Check it.
(ede-initialize-state-current-buffer, ede, ede-new)
(ede-check-project-directory, ede-rescan-toplevel)
(ede-load-project-file, ede-parent-project, ede-current-project):
(ede-target-parent): Avoid loading in a project unless it is safe,
since it may involve malicious code. This security flaw was
pointed out by Hiroshi Oota.
* lisp/ede/auto.el (ede-project-autoload): Add safe-p slot.
(ede-project-class-files): Projects using Project.ede are unsafe.
(ede-auto-load-project): New method.
* lisp/ede/simple.el (ede-project-class-files): Mark as unsafe.
* lisp/ede.el (ede-project-directories): New option.
(ede-directory-safe-p): Check it.
(ede-initialize-state-current-buffer, ede, ede-new)
(ede-check-project-directory, ede-rescan-toplevel)
(ede-load-project-file, ede-parent-project, ede-current-project):
(ede-target-parent): Avoid loading in a project unless it is safe,
since it may involve malicious code. This security flaw was
pointed out by Hiroshi Oota.
* lisp/ede/auto.el (ede-project-autoload): Add safe-p slot.
(ede-project-class-files): Projects using Project.ede are unsafe.
(ede-auto-load-project): New method.
* lisp/ede/simple.el (ede-project-class-files): Mark as unsafe.
| lisp/cedet/ChangeLog | diffblobblamehistory | |
| lisp/cedet/ede.el | diffblobblamehistory | |
| lisp/cedet/ede/auto.el | diffblobblamehistory | |
| lisp/cedet/ede/simple.el | diffblobblamehistory |