From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers Date: Sun, 15 Dec 2024 14:29:38 +0200 Message-ID: <8634iprux9.fsf@gnu.org> References: <87ed29ixu8.fsf@daniel-mendler.de> <875xnlfdzi.fsf@daniel-mendler.de> <86cyhtrzmo.fsf@gnu.org> <87jzc1dxk2.fsf@daniel-mendler.de> <868qshry7w.fsf@gnu.org> <87y10hb2im.fsf@localhost> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="34835"; mail-complaints-to="usenet@ciao.gmane.io" Cc: mail@daniel-mendler.de, 74879@debbugs.gnu.org, monnier@iro.umontreal.ca, stefankangas@gmail.com To: Ihor Radchenko Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 15 13:33:25 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tMnoL-0008tl-0q for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 15 Dec 2024 13:33:25 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tMno3-00016W-Ex; Sun, 15 Dec 2024 07:33:07 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tMno0-00016F-Uw for bug-gnu-emacs@gnu.org; Sun, 15 Dec 2024 07:33:05 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tMno0-0002p7-IS for bug-gnu-emacs@gnu.org; Sun, 15 Dec 2024 07:33:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=References:In-Reply-To:From:Date:To:Subject; bh=K2YpTuZqzPuOBV7uTVAk4YJVKNREZDVPkIadFSgv/s4=; b=RaQhtLNpg14nawWeWQR+qw8gN/uhJNyytCNO+5qsEQFOENxpsenKL76Bp/WG30ghys/cqWrJuP5LfLUiVRDqXw6nRLkCya4iCR0Wr7YpBmziFU1O41XEufFlSOfj/bbSGVeeonWlYz6fyfxuFf0Pc9sfc/kvCegKoS2/KuVDCot4jaJMxKw9LecxFCwGbgEZZ5+DYpfPYhwb/gQFGGXgBUtcqiJ0Ya5WmkpaJpIglS3er5T3xNvx5GuhfhWiSaTsAUwxRNlJjdfqsK9+pMdEOuoru3Ze9f9F+GprFmC5WB/Z7v01pdhBSRQCSvnVvROP3I954Am2Y8QlA2BmJ0nVnA==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tMnnx-00032K-SO for bug-gnu-emacs@gnu.org; Sun, 15 Dec 2024 07:33:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 15 Dec 2024 12:33:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74879 X-GNU-PR-Package: emacs Original-Received: via spool by 74879-submit@debbugs.gnu.org id=B74879.173426593511600 (code B ref 74879); Sun, 15 Dec 2024 12:33:01 +0000 Original-Received: (at 74879) by debbugs.gnu.org; 15 Dec 2024 12:32:15 +0000 Original-Received: from localhost ([127.0.0.1]:49833 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tMnnC-000311-Oo for submit@debbugs.gnu.org; Sun, 15 Dec 2024 07:32:15 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:52772) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tMnn9-00030i-S9 for 74879@debbugs.gnu.org; Sun, 15 Dec 2024 07:32:13 -0500 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tMnko-000227-Gv; Sun, 15 Dec 2024 07:29:47 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=K2YpTuZqzPuOBV7uTVAk4YJVKNREZDVPkIadFSgv/s4=; b=SlvVslTmcbWS LiK0B0+SZLIWnpHmNnt+SjmfF37KhoG0FerwDlDWnZvqxsJBzDNOX1ZIKLK9prnd7+Gbnn6+BFhrb JoGMD/SGpWDRBXotTWDu3f3nz6q9U9Kjp1Ku+VRqwcowXofBXrPsH4jTBNi7iMOFmGXJsOOPL7Ba5 c3cPNpt/e3Jx3y2X5MyBXLRM935AfV9nq0Ii5jHyLZT0J04t/3sZDT0GL74tiIUDO48QWAH9OaALJ 1NgbtN6lzuaDq8F07nIz/RoiN4p++0OFtdvovYs+uNXcIcmUrBEOHqSweQDh3VQEEKuewZ+JPxYnF jqy7I37j6fHcYItD2qGRwA==; In-Reply-To: <87y10hb2im.fsf@localhost> (message from Ihor Radchenko on Sun, 15 Dec 2024 11:37:37 +0000) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:297098 Archived-At: > From: Ihor Radchenko > Cc: Daniel Mendler , 74879@debbugs.gnu.org, > monnier@iro.umontreal.ca, stefankangas@gmail.com > Date: Sun, 15 Dec 2024 11:37:37 +0000 > > Eli Zaretskii writes: > > > The question is serious: how do we envision this "trust" thing to work > > with buffers that don't visit files? If we are to change the code, > > certainly on the emacs-30 branch, we need a solid solution which > > provides more safety/security to users. Adding a variable doesn't > > solve a problem, it _adds_ a problem (how to populate the variable). > > Let me try. > > If buffer contents is not coming from a file, it must be generated by > some Elisp code. That code may as well set trust status. > For example, *scratch* buffer may have its contents (automatically > generated) marked as trusted by default. > > Does it make sense? Are you in effect saying that every buffer that doesn't visit a file should be trusted? If that's accepted, it doesn't need any function. And can we really trust arbitrary ELisp code that to set trust? And what about buffers whose contents came from a network connection? What about buffers whose contents came from inserting some file or part thereof, or were generated by processing some file? What about buffers whose contents came from a program Emacs invoked?