From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#70440: [PATCH] Use -P switch when calling 'python-interpreter'
Date: Fri, 19 Apr 2024 10:15:06 +0300
Message-ID: <861q71dds5.fsf@gnu.org>
References: <87h6fzj1b1.fsf@gmail.com> <861q73hkeq.fsf@gnu.org> <87jzkthok4.fsf@gmail.com>
In-Reply-To: <87jzkthok4.fsf@gmail.com> (message from Augusto Stoffel on Fri, 19 Apr 2024 08:08:43 +0200)
To: Augusto Stoffel
Cc: 70440@debbugs.gnu.org, kobarity@gmail.com


> From: Augusto Stoffel
> Cc: Eli Zaretskii, 70440@debbugs.gnu.org
> Date: Fri, 19 Apr 2024 08:08:43 +0200
>
> On Fri, 19 Apr 2024 at 00:25, kobarity wrote:
>
> > The -P switch is new, introduced in CPython 3.11, so I don't think it
> > can be added unconditionally. Furthermore, `python-interpreter' may
> > not be CPython. Isn't it enough to customize
> > `python-interpreter-args'?
>
> After sleeping on this, I recommend using -P anyway and simply failing
> if the installed Python is too old.
>
> The reason is that this has a security implication, similar to the
> recent Org mode LaTeX preview situation. Without -P the user is tacitly
> trusting the contents of the current directory. By tricking a user
> into downloading a malicious file with an intentional name clash (say
> via git pull), arbitrary code could in principle be executed on the
> user's machine.
>
> The -P switch completely removes this possibility, and conversely,
> without -P there seems to be no reasonable way to make Python safe.
>
> I've attached a new patch that informs the user why the commands failed
> when Python is too old, which is good enough in my opinion. Note also
> that this change only affects the Python import management commands,
> which is a very handy but by no means essential feature.

Doing it this way would be an annoyance. Users could have
less-than-the-latest Python (or non-CPython version) installed for any
number of reasons, and it is not our business to annoy them because of
this. Security of using Python is not our concern, it is the user's
concern.

So I'd prefer that the change probed the support for the -P switch
when the relevant Emacs commands/functions are first invoked, and used
that if -P is supported, without any annoying messages.

Do you see any problems with such an approach?

Thanks.
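
The probing approach discussed in this message, sketched in Python as an added example; it is not part of the message, the attached patch, or python.el. The function names are hypothetical. It checks whether an interpreter accepts -P, builds the argument list accordingly, and shows the effect of the switch on the child's sys.path.

```python
import json
import os
import subprocess
import sys
import tempfile


def _child_env():
    # PYTHONSAFEPATH has the same effect as -P (CPython 3.11+); drop it, and
    # PYTHONPATH, so the result reflects the command-line switch alone.
    return {k: v for k, v in os.environ.items()
            if k not in ("PYTHONSAFEPATH", "PYTHONPATH")}


def supports_switch(interpreter, switch="-P"):
    """Hypothetical probe: True if `interpreter` starts cleanly with `switch`."""
    try:
        proc = subprocess.run(
            [interpreter, switch, "-c", ""], env=_child_env(), timeout=30,
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return False  # missing binary or hung process counts as "unsupported"
    return proc.returncode == 0


def interpreter_args(interpreter, base_args=()):
    """Prepend -P only when the probe succeeds; otherwise leave args unchanged."""
    extra = ["-P"] if supports_switch(interpreter) else []
    return extra + list(base_args)


def cwd_on_sys_path(interpreter, args):
    """Run `interpreter` in an empty temp dir and report whether that
    directory (or '', which means the cwd) appears in the child's sys.path."""
    code = "import json, sys; print(json.dumps(sys.path))"
    with tempfile.TemporaryDirectory() as tmp:
        out = subprocess.run([interpreter, *args, "-c", code], cwd=tmp,
                             env=_child_env(), capture_output=True,
                             text=True, check=True).stdout
        real = os.path.realpath(tmp)
        return any(p == "" or os.path.realpath(p) == real for p in json.loads(out))


if __name__ == "__main__":
    exe = sys.executable  # assumption: probe the interpreter running this script
    print("-P supported:", supports_switch(exe))
    print("cwd on sys.path, no switch:", cwd_on_sys_path(exe, []))
    print("cwd on sys.path, probed args:", cwd_on_sys_path(exe, interpreter_args(exe)))
```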