Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
I'm just having a look at the Komodo IDE 5.1 and am observing a nice bundle of diverse Emacs features (though perceptibly slower and limited by python implementation ...).

For instance there is a feature called flymake-mode in Emacs lingo, to automatically compile check the code currently editet and to flag errors "on the fly".

...BUT with the difference that this is enabled per default in Komodo (maybe you already wondered how Komodo achieves to underline problematic code lines in red)

Unfortunately this opens a new security issue, not only installing a Perl module can be dangerous, already just opening in some editors can be harmful.

Just putting a BEGIN { something evil ...} hidden somewhere in investigated code will cause surprising effects for unwary Komodo users opening it...

Maybe someone feels motivated now to mail some files to colleagues using Active State editors?

Or do you know fellow programmers automatically opening perl code web links in their editor of choice? ;-)

Cheers Rolf

PS: I remember slightly that one of the first big hacking attacks was carried out in the 80s by abusing an emacs vulnerability ...

The only approach I can think of to solve this issue (beside deactivating the feature by default) is to automatically replace each BEGIN, CHECK and UNITCHECK block with something like  sub __BEGIN__ { ... } before running perl -c...

In reply to Vulnerabilities when editing untrusted code... (Komodo) by LanX

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others pondering the Monastery: (6)
    As of 2018-05-24 06:30 GMT
    Find Nodes?
      Voting Booth?