Don't consider play-sound-file to be a 'safe' function (bug#44018)

While there are currently no known security holes in play-sound-file,
the attack surface is considerable and historically audio file
processing has had more than its share of security problems; the
benefit to risk ratio is low.

* lisp/emacs-lisp/unsafep.el: Don't mark play-sound-file as safe.

diff --git a/lisp/emacs-lisp/unsafep.el b/lisp/emacs-lisp/unsafep.el
index e7077140e5459771942de37b9c36be8d1e585a0a..96db5c719390f1eac5dece265b0e93a173680603 100644 (file)
--- a/lisp/emacs-lisp/unsafep.el
+++ b/lisp/emacs-lisp/unsafep.el
@@ -101,7 +101,7 @@ in the parse.")
             ;;Macros from subr.el
             save-match-data unless when
             ;;Functions from subr.el that have side effects
-            split-string replace-regexp-in-string play-sound-file))
+            split-string replace-regexp-in-string))
   (put x 'safe-function t))
 
 ;;;###autoload