From: Chong Yidong Date: Wed, 19 Jul 2006 02:22:51 +0000 (+0000) Subject: * faq.texi (Security risks with Emacs): Document Emacs 22 X-Git-Tag: emacs-pretest-22.0.90~1337 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=fce10019388760b528ee131e7182b2236154b692;p=emacs.git * faq.texi (Security risks with Emacs): Document Emacs 22 file-local-variable mechanism. --- diff --git a/man/ChangeLog b/man/ChangeLog index 86157a2c008..1707b837b6e 100644 --- a/man/ChangeLog +++ b/man/ChangeLog @@ -1,3 +1,8 @@ +2006-07-18 Chong Yidong + + * faq.texi (Security risks with Emacs): Document Emacs 22 + file-local-variable mechanism. + 2006-07-17 Richard Stallman * building.texi (Grep Searching): Explain about chaining grep commands. diff --git a/man/faq.texi b/man/faq.texi index 5fc21eb8575..d431dd360c0 100644 --- a/man/faq.texi +++ b/man/faq.texi @@ -3125,14 +3125,12 @@ arbitrary Emacs Lisp code evaluated when the file is visited. Obviously, there is a potential for Trojan horses to exploit this feature. -Emacs 18 allowed this feature by default; users could disable it by -setting the variable @code{inhibit-local-variables} to a non-@code{nil} value. - -As of Emacs 19, Emacs has a list of local variables that create a -security risk. If a file tries to set one of them, it asks the user to -confirm whether the variables should be set. You can also tell Emacs -whether to allow the evaluation of Emacs Lisp code found at the bottom -of files by setting the variable @code{enable-local-eval}. +As of Emacs 22, Emacs has a list of local variables that are known to +be safe to set. If a file tries to set any variable outside this +list, it asks the user to confirm whether the variables should be set. +You can also tell Emacs whether to allow the evaluation of Emacs Lisp +code found at the bottom of files by setting the variable +@code{enable-local-eval}. For more information, @inforef{File Variables, File Variables, emacs}.