From mboxrd@z Thu Jan 1 00:00:00 1970
From: Daniel Mendler via "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Newsgroups: gmane.emacs.bugs
Subject: bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers
Date: Sun, 15 Dec 2024 11:16:17 +0100
Message-ID: <875xnlfdzi.fsf@daniel-mendler.de>
References: <87ed29ixu8.fsf@daniel-mendler.de>
In-Reply-To: <87ed29ixu8.fsf@daniel-mendler.de> (Daniel Mendler's message of "Sun, 15 Dec 2024 01:39:11 +0100")
Reply-To: Daniel Mendler
Cc: Stefan Monnier, Stefan Kangas
To: 74879@debbugs.gnu.org

Daniel Mendler writes:

> Thank you for the recent addition of `trusted-content-p'. Is there a
> possibility to use `trusted-content-p' in buffers which are not backed
> by a file?
> I use Flymake in *scratch* or similar buffers and it seems
> that this won't continue to work given that `trusted-content-p' needs a
> `buffer-file-truename'.
>
> My suggestion would be to replace `trusted-files' by a
> `trusted-buffer-function' which is a predicate function or a list of
> functions. The functions could then check a custom list of trusted files
> or a custom list of trusted buffers.
>
> Alternatively offer `trusted-files', `trusted-buffers' and
> `trusted-buffer-function`? `trusted-buffers' could for example rely on
> `buffer-match-p`.

I have also ported back `trusted-content-p' via Compat. I had the plan
to use `trusted-content-p' in external packages which could potentially
perform dangerous operations. This way the new feature can be used to
retroactively improve the safety even of older Emacs installations.

For example in my GNU ELPA Corfu package the plan was to check
`(trusted-content-p)' when starting auto completion. To be clear - Corfu
is safe by default, since auto completion is disabled by default.
However many people enable auto completion unconditionally in all
buffers. Now with the limitation of `trusted-content-p' to file-backed
buffers, I cannot do this, since otherwise auto completion would be lost
for example in *scratch* buffers.

Each package could invent its own trust mechanism or alternatively one
could limit the `trusted-content-p' check to only file-backed buffers.
Both alternatives would be worse than going through the
`trusted-content-p' standard mechanism. Therefore by making the
`trusted-content-p' mechanism too limited, we get less safety than with
a more flexible mechanism.

Nevertheless I would avoid creating a complex mechanism given that the
mechanism is supposed to be part of Emacs 30. The simplest approach I
can think of is this `trusted-buffer-function', a hook called by
`run-hook-with-args-until-success'. Later on trust functions can be
provided and added to the hook list. The trust functions could check
file lists, buffer lists, regexps etc. Users can also write their own
predicate functions.

In any case, I am happy to help by providing patches.

Daniel
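
The hook-based design proposed in the message above, as an added Emacs Lisp sketch; it is not part of the original message and is not Emacs or Corfu code. Every `my-` name, the sample directory and the sample buffer pattern are hypothetical; `run-hook-with-args-until-success`, `buffer-match-p` and `buffer-file-truename` are the existing Emacs facilities the message names.

```elisp
;;; -*- lexical-binding: t -*-
;; Added sketch, not Emacs or Corfu code.  All `my-' names are hypothetical.
(require 'seq)

(defvar my-trusted-buffer-functions nil
  "Abnormal hook of trust predicates.
Each function receives a buffer and returns non-nil to trust it.")

(defvar my-trusted-dirs '("~/src/own/")   ; constructed sample value
  "Directories whose files are trusted.")

(defvar my-trusted-buffer-conditions '("\\`\\*scratch\\*\\'") ; constructed
  "`buffer-match-p' conditions naming trusted non-file buffers.")

(defun my-trust-by-file (buffer)
  "Trust BUFFER if its true file name lies under `my-trusted-dirs'.
Using the truename keeps a symlink inside a trusted directory from
vouching for a target stored elsewhere."
  (when-let* ((name (buffer-local-value 'buffer-file-truename buffer))
              (file (expand-file-name name)))
    (seq-some (lambda (dir)
                (string-prefix-p
                 (file-name-as-directory (expand-file-name dir)) file))
              my-trusted-dirs)))

(defun my-trust-by-buffer (buffer)
  "Trust BUFFER if it visits no file and matches a trusted condition.
The no-file test stops a file that is merely named like a trusted
buffer from passing the name check."
  (and (null (buffer-local-value 'buffer-file-truename buffer))
       (seq-some (lambda (condition) (buffer-match-p condition buffer))
                 my-trusted-buffer-conditions)))

(add-hook 'my-trusted-buffer-functions #'my-trust-by-file)
(add-hook 'my-trusted-buffer-functions #'my-trust-by-buffer)

(defun my-trusted-buffer-p (&optional buffer)
  "Return non-nil if any predicate on the hook trusts BUFFER.
An empty hook trusts nothing, so the check fails closed."
  (run-hook-with-args-until-success
   'my-trusted-buffer-functions (or buffer (current-buffer))))

;; A package gating a risky feature, e.g. automatic completion:
(defun my-auto-feature-allowed-p ()
  "Return non-nil if the automatic feature may start in this buffer."
  (and (my-trusted-buffer-p) t))
```

A package would call `my-auto-feature-allowed-p` from the mode hook that starts the automatic feature, and users would extend the policy by adding their own predicates to the hook.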