▲ | VyseofArcadia 3 days ago | |
Macros are pretty ubiquitous in lisp. This would result in a trust warning for pretty much every .el file. I think this would go about as well as Windows Vista UAC pop ups or State of California cancer warnings. If everything is dangerous, nothing is. | ||
▲ | medo-bear 3 days ago | parent | next [-] | |
The qualifying term is 'trusted'. If you are running an application like emacs you damn sure better trust it. It's like running Windows and saying you don't trust it. AS for macros in lisp, they are not as ubiquitous as it might seem to an outsider. I write lisp professionally. I write one macro a month, if that, and often I rewrite it as a function afterwards. Saying that macros are ubiquitous in lisp is a meme. To most lispers macros are last resort | ||
▲ | deng 3 days ago | parent | prev [-] | |
If I understand this correctly, this exploit only works with macros that evaluate at least one of their arguments, otherwise no code is actually run. These kind of macros are not that common. I guess one possible fix would be to mark these kind of macros as potentially dangerous and do not expand them automatically for things like code completion and such. |