\f
* Changes in Emacs 30.1
-** New user option 'trusted-files' to allow potentially dangerous features.
+** New user option 'trusted-content' to allow potentially dangerous features.
This variable lists those files and directories whose content Emacs should
consider as sufficiently trusted to run any part of the code contained
therein even without any explicit user request.
*** 'elisp-flymake-byte-compile' is disabled for untrusted files.
For security reasons, this backend can be used only in those files
-specified as trusted according to 'trusted-files' and emits an
+specified as trusted according to 'trusted-content' and emits an
"untrusted content" warning otherwise.
This fixes CVE-2024-53920.
This variable might be subject to change without notice.")
(put 'untrusted-content 'permanent-local t)
-(defcustom trusted-files nil
+(defcustom trusted-content nil
"List of files and directories whose content we trust.
Be extra careful here since trusting means that Emacs might execute the
code contained within those files and directories without an explicit
:type '(choice (repeat :tag "List" file)
(const :tag "Trust everything (DANGEROUS!)" :all))
:version "30.1")
-(put 'trusted-files 'risky-local-variable t)
+(put 'trusted-content 'risky-local-variable t)
(defun trusted-content-p ()
"Return non-nil if we trust the contents of the current buffer.
Here, \"trust\" means that we are willing to run code found inside of it.
-See also `trusted-files'."
+See also `trusted-content'."
;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
;; to try and avoid marking as trusted a file that's merely accessed
;; via a symlink that happens to be inside a trusted dir.
(with-demoted-errors "trusted-content-p: %S"
(let ((exists (file-exists-p buffer-file-truename)))
(or
- (eq trusted-files :all)
+ (eq trusted-content :all)
;; We can't avoid trusting the user's init file.
(if (and exists user-init-file)
(file-equal-p buffer-file-truename user-init-file)
(equal buffer-file-truename user-init-file))
(let ((file (abbreviate-file-name buffer-file-truename))
(trusted nil))
- (dolist (tf trusted-files)
+ (dolist (tf trusted-content)
(when (or (if exists (file-equal-p tf file) (equal tf file))
;; We don't use `file-in-directory-p' here, because
;; we want to err on the conservative side: "guilty
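Review bot: The `(eq trusted-content :all)` test sits inside `(let ((exists (file-exists-p buffer-file-truename))) ...)`, so in a buffer that visits no file the binding is evaluated with a nil `buffer-file-truename` before the `:all` check is reached. If `file-exists-p` signals on a nil argument, as it appears to, `with-demoted-errors` turns that into a nil return, and the buffer-local `:all` that this commit sets for ielm, lisp-interaction-mode and the eval-expression minibuffer never takes effect. The failure is on the safe side (the buffer stays untrusted), but it defeats those three additions and logs an error on every call. Hoisting the check would fix it, e.g. `(or (eq trusted-content :all) (and buffer-file-truename (with-demoted-errors ...)))`. The body of trusted-content-p continues past the end of this hunk, so this reading is based on the visible lines only.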
ielm-fontify-input-enable
(comint-fontify-input-mode))
+ (setq-local trusted-content :all)
(setq comint-prompt-regexp (concat "^" (regexp-quote ielm-prompt)))
(setq-local paragraph-separate "\\'")
(setq-local paragraph-start comint-prompt-regexp)
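Review bot: The added `(setq-local trusted-content :all)` has no comment explaining why this buffer may be treated as fully trusted, and the same bare line is added to lisp-interaction-mode and to the eval-expression minibuffer setup later in this commit. `:all` is the value the defcustom tags "Trust everything (DANGEROUS!)", so each site should state its reasoning, for example `;; The code in this buffer is entered by the user for evaluation, so treat it as trusted.` That rationale is inferred from the purpose of these buffers and should be confirmed by the author. The mode body starts and ends outside the hunk.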
(progn
(when elisp--macroexpand-untrusted-warning
(setq-local elisp--macroexpand-untrusted-warning nil) ;Don't spam!
- (message "Completion of local vars is disabled in %s (untrusted content)"
- (buffer-name)))
+ (let ((inhibit-message t)) ;Only log.
+ (message "Completion of local vars is disabled in %s (untrusted content)"
+ (buffer-name))))
sexp)
(let ((macroexpand-advice
(lambda (expander form &rest args)
\\{lisp-interaction-mode-map}"
:abbrev-table nil
- (setq-local lexical-binding t))
+ (setq-local lexical-binding t)
+ (setq-local trusted-content :all))
;;; Emacs Lisp Byte-Code mode
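Review bot: `(setq-local trusted-content :all)` is set unconditionally in the mode body, so it applies to every buffer that ends up in lisp-interaction-mode, not only to a scratch-style buffer with no file behind it. If the mode is turned on in a buffer that visits a file, that file's content would pass `trusted-content-p` without being listed in the user option, which weakens the check the NEWS entry associates with CVE-2024-53920. Restricting the setting to non-file buffers would keep the intent, e.g. `(unless buffer-file-name (setq-local trusted-content :all))`. Whether file-visiting use of this mode is expected is not visible from the hunk, so treat this as a question for the author.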
(set-syntax-table emacs-lisp-mode-syntax-table)
(add-hook 'completion-at-point-functions
#'elisp-completion-at-point nil t)
+ (setq-local trusted-content :all)
(run-hooks 'eval-expression-minibuffer-setup-hook))
(read-from-minibuffer prompt initial-contents
read--expression-map t