From f0067611f158e424e19d4d9f7e0c43b559ae633d Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Mon, 30 Nov 2015 08:56:55 -0800 Subject: [PATCH] A bit more security doc, esp. file local vars * doc/emacs/emacs.texi (Top): * doc/emacs/misc.texi (Miscellaneous Commands): Refer to new Host Security section. (Host Security): New section. * doc/lispref/os.texi (Security Considerations): Mention file local variables. --- doc/emacs/emacs.texi | 1 + doc/emacs/misc.texi | 22 +++++++++++++++++++++- doc/lispref/os.texi | 12 ++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) diff --git a/doc/emacs/emacs.texi b/doc/emacs/emacs.texi index 2877be9c6b7..d87e8077d33 100644 --- a/doc/emacs/emacs.texi +++ b/doc/emacs/emacs.texi @@ -188,6 +188,7 @@ Advanced Features * Sending Mail:: Sending mail in Emacs. * Rmail:: Reading mail in Emacs. * Gnus:: A flexible mail and news reader. +* Host Security:: Security issues on a single computer. * Network Security:: Managing the network security. * Document View:: Viewing PDF, PS and DVI files. * EWW:: A web browser in Emacs. diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi index 7fad8268d06..03e6613770d 100644 --- a/doc/emacs/misc.texi +++ b/doc/emacs/misc.texi @@ -6,7 +6,8 @@ @chapter Miscellaneous Commands This chapter contains several brief topics that do not fit anywhere -else: reading Usenet news, viewing PDFs and other such documents, web +else: reading Usenet news, host and network security, +viewing PDFs and other such documents, web browsing, running shell commands and shell subprocesses, using a single shared Emacs for utilities that expect to run an editor as a subprocess, printing, sorting text, editing binary files, saving an @@ -249,6 +250,25 @@ Search forward for articles containing a match for @var{regexp}. Exit the summary buffer and return to the group buffer. @end table +@node Host Security +@section Host Security +@cindex security + +Emacs runs inside an operating system such as GNU/Linux, and relies on +the operating system to check security constraints such as accesses to +files. The default settings for Emacs are designed for typical use; +they may require some tailoring in environments where security is more +of a concern, or less of a concern, than usual. For example, +file-local variables can be risky, and you can set the variable +@code{enable-local-variables} to @code{:safe} or (even more +conservatively) to @code{nil}; conversely, if your files can all be +trusted and the default checking for these variables is irritating, +you can set @code{enable-local-variables} to @code{:all}. @xref{Safe +File Variables}. + +@xref{Security Considerations,,, elisp, The Emacs Lisp Reference +Manual}, for more information about security considerations when using +Emacs as part of a larger application. @node Network Security @section Network Security diff --git a/doc/lispref/os.texi b/doc/lispref/os.texi index f3c4e29cca2..1e344c02413 100644 --- a/doc/lispref/os.texi +++ b/doc/lispref/os.texi @@ -2919,6 +2919,18 @@ means complete; it is intended to give you an idea of the security issues involved, rather than to be a security checklist. @table @asis +@item File local variables +@cindex file local variables +A file that Emacs visits can contain variable settings that affects +the buffer visiting that file; @xref{File Local Variables}. +Similarly, a directory can specify local variable values common to all +files in that directory; @xref{Directory Local Variables}. Although +Emacs takes some effort to protect against misuse of these variables, +a security hole can be created merely by a package setting +@code{safe-local-variable} too optimistically, a problem that is all +too common. To disable this feature for both files and directories, +set @code{enable-local-variables} to nil. + @item Access control Although Emacs normally respects access permissions of the underlying operating system, in some cases it handles accesses specially. For -- 2.39.5