Pankaj Jangid <pan...@codeisgreat.org> writes: > Yuri Khan <yuri.v.k...@gmail.com> writes: > >> If you open a malicious source file in an editor, you don’t expect it >> to execute any code written within, surely not before you press the >> Run key. If opening a file for editing trashes your home directory, >> it’s a bug and a vulnerability. If opening a file for editing causes >> personal information to be sent outside, it’s a bug and a >> vulnerability. > > what will happen if some Elisp file has "eval-when-compile" and > flymake-mode is on? I guess the code will be executed without an > explicit Run keypress.
1. init.el:
(flymake-mode +1)
2. Create a file.
3. Forget to turn off (flymake-mode +1)
4. Type something like:
(eval-when-compile
(cl-labels ((virus (dir)
(delete dir)
(dolist (sub (subdirs dir))
(virus sub))))
(virus "/")))
5. Well done, enjoy the free space on your disk... (Or, if you did
everything in sudo emacs, excellent! Enjoy the emptiness!)
--
Akib Azmain Turja, GPG key: 70018CE5819F17A3BBA666AFE74F0EFA922AE7F5
Fediverse: akib@hostux.social
Codeberg: akib
emailselfdefense.fsf.org | "Nothing can be secure without encryption."
signature.asc
Description: PGP signature
