git.eshelyaron.com Git - emacs.git/commit
elisp-mode.el: Disable Flymake byte-compile backend in untrusted files
author Stefan Monnier <monnier@iro.umontreal.ca>
Tue, 10 Dec 2024 21:26:31 +0000 (16:26 -0500)
committer Eshel Yaron <me@eshelyaron.com>
Mon, 23 Dec 2024 14:57:24 +0000 (15:57 +0100)
commit bff0b37742b3a8250acd422fd2b768ee701e7329
tree d4209e3a42a29c92c1f5a06b333b27ce178e139e
parent 4fb30ea955b0ef9e84f628896e08e32154e33919
elisp-mode.el: Disable Flymake byte-compile backend in untrusted files

To address serious security issues (CVE-2024-53920), disable
`elisp-flymake-byte-compile` except in those files explicitly
specified as "trusted".

For that introduce a new custom var `trusted-files` and new
function `trusted-content-p`.

While at it, similarly skip the implicit macroexpansion done during
completion if the current file is not trusted.

* lisp/files.el (trusted-files): New variable.
(trusted-content-p): New function.

* lisp/progmodes/elisp-mode.el (elisp--safe-macroexpand-all):
New function, extracted from `elisp--local-variables`.
Use `trusted-content-p`.
(elisp--local-variables): Use it.
(elisp-flymake-byte-compile): Disable according to `trusted-content-p`.

(cherry picked from commit b5158bd191422e46273c4d9412f2bf097e2da2e0)
lisp/files.el
lisp/progmodes/elisp-mode.el