From 9abf841429257a3e1008bedc4d857ea7a25ab9a6 Mon Sep 17 00:00:00 2001 From: Stefan Kangas Date: Fri, 8 Jul 2022 12:04:17 +0200 Subject: [PATCH] Stop ffap-machine-at-point from pinging random hosts Having this on by default is highly problematic from a security and privacy standpoint, as it risks having outgoing traffic that could potentially reveal sensitive data (passwords, names, etc.). It also seems to be causing issues for users, see e.g. https://github.com/emacs-helm/helm/issues/648 * lisp/ffap.el (ffap-machine-p-known): Change default to 'accept'. --- etc/NEWS | 6 ++++++ lisp/ffap.el | 7 ++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/etc/NEWS b/etc/NEWS index 39c3aabb11e..226af8d7d6a 100644 --- a/etc/NEWS +++ b/etc/NEWS @@ -2042,6 +2042,12 @@ back the old behavior. This command prompts for a recently opened file in the minibuffer, and visits it. +--- +*** 'ffap-machine-at-point' no longer pings hosts by default. +It will now simply look at a hostname to determine if it is valid, +instead of also trying to ping it. Customize the user option +'ffap-machine-p-known' to 'ping' to get the old behavior back. + --- *** The 'run-dig' command is now obsolete; use 'dig' instead. diff --git a/lisp/ffap.el b/lisp/ffap.el index 20929c659de..65e0779e400 100644 --- a/lisp/ffap.el +++ b/lisp/ffap.el @@ -1,6 +1,6 @@ ;;; ffap.el --- find file (or url) at point -*- lexical-binding: t -*- -;; Copyright (C) 1995-1997, 2000-2022 Free Software Foundation, Inc. +;; Copyright (C) 1995-2022 Free Software Foundation, Inc. ;; Author: Michelangelo Grigni ;; Maintainer: emacs-devel@gnu.org @@ -394,7 +394,7 @@ Value should be a symbol, one of `ping', `accept', and `reject'." :safe #'ffap--accept-or-reject-p :group 'ffap) -(defcustom ffap-machine-p-known 'ping ; `accept' for higher speed +(defcustom ffap-machine-p-known 'accept "What `ffap-machine-p' does with hostnames that have a known domain. Value should be a symbol, one of `ping', `accept', and `reject'. See `mail-extr.el' for the known domains." @@ -402,7 +402,8 @@ See `mail-extr.el' for the known domains." (const accept) (const reject)) :safe #'ffap--accept-or-reject-p - :group 'ffap) + :group 'ffap + :version "29.1") (defcustom ffap-machine-p-unknown 'reject "What `ffap-machine-p' does with hostnames that have an unknown domain. -- 2.39.5