From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: john muhl Newsgroups: gmane.emacs.bugs Subject: bug#75017: 31.0.50; Untrusted user lisp files Date: Sat, 21 Dec 2024 14:48:52 -0600 Message-ID: <87bjx43gp7.fsf@pub.pink> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="5629"; mail-complaints-to="usenet@ciao.gmane.io" To: 75017@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Dec 21 21:50:18 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tP6QT-0001HI-Py for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 21 Dec 2024 21:50:18 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tP6QG-0000rx-HJ; Sat, 21 Dec 2024 15:50:04 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tP6QE-0000rA-RW for bug-gnu-emacs@gnu.org; Sat, 21 Dec 2024 15:50:03 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tP6QE-0004RK-IK for bug-gnu-emacs@gnu.org; Sat, 21 Dec 2024 15:50:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:Subject; bh=11IoLMiclO2aKNOnof20ce7gpH4uC4+/+KcWokokmgY=; b=Mjqwjoxx9UmydC7v9YC5b6+ORQHtaP/BMG+ZGpMElrCsEddAlmJWy/VPy4LS6Os/sQHtMsrc5LLVSO246sgsKMFTdd/GVUeYdkgZ0HlU6IBhQUQUu4NgZqsOKVXkfgqtMNgiW5ARCVjyeG7OOkCt+GPUClUjQc76cV5oWeV7FUJ+BMKtkbSbseATKmWltkWT35rR5TDYixYnJi5M98L2EYryrnAC86IaY0Q0vCggY8DY1xhcG3h3TqitfJoILTzacjitU9RRdYZs7RB7W+9Ue6CuGW888XBNuD5sA04iFNp3XTqytRsgz31JpGuf9bXobTiH0MW2M7cOr5A9bcE4Dw==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tP6QE-0007iv-6V for bug-gnu-emacs@gnu.org; Sat, 21 Dec 2024 15:50:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: john muhl Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 21 Dec 2024 20:50:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 75017 X-GNU-PR-Package: emacs X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.173481414329603 (code B ref -1); Sat, 21 Dec 2024 20:50:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 21 Dec 2024 20:49:03 +0000 Original-Received: from localhost ([127.0.0.1]:48112 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tP6PG-0007hP-E5 for submit@debbugs.gnu.org; Sat, 21 Dec 2024 15:49:02 -0500 Original-Received: from lists.gnu.org ([209.51.188.17]:33168) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tP6PE-0007h0-Ju for submit@debbugs.gnu.org; Sat, 21 Dec 2024 15:49:01 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tP6PE-0000oS-D8 for bug-gnu-emacs@gnu.org; Sat, 21 Dec 2024 15:49:00 -0500 Original-Received: from fhigh-b3-smtp.messagingengine.com ([202.12.124.154]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tP6PC-0004P3-Gu for bug-gnu-emacs@gnu.org; Sat, 21 Dec 2024 15:49:00 -0500 Original-Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfhigh.stl.internal (Postfix) with ESMTP id 24EB1254013E for ; Sat, 21 Dec 2024 15:48:55 -0500 (EST) Original-Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Sat, 21 Dec 2024 15:48:55 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pub.pink; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to; s=fm1; t=1734814134; x=1734900534; bh=11IoLMiclO 2aKNOnof20ce7gpH4uC4+/+KcWokokmgY=; b=NJ2pWWxetkJStulOlxMhVzQteU qkR8FC54B6kvQMcHi64J50k/UW7TfkLXBE8XT/rUm+hb2LKl/xMOIxyBeBc5MXok LSAmFwvcW2G7EOKqfSiJiSAcV9rgRXqM5PV9ougb+NTZof9JEhDdYqGtQHkAebsr ngEml9wiJpPIv52+lCEGIYNxNpI+2zXoAMI5InA594yHyMuh5vd1VMtEF5WSwR6C JqFvReRU2jJdZuCK8LbfzflZH+UT3tae9lI2tjEnLRWHg2PzigCGcD1Mm2oYoqBY 7NBryQJ97TyNnp11V4rxog1aPX6zA+NKEgWEs8xB7pzm/k3/hkOH0CVt2mRA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1734814134; x=1734900534; bh=11IoLMiclO2aKNOnof20ce7gpH4uC4+/+Kc WokokmgY=; b=wtPX12rZJVYhUMwVMfyEciuaJh2C4Roqu2fjzZt8d3z/XQOaMFK +0+kp7bmZUUayJagvA7zTfCHEXCEazTSRSsX+CYEE04SGPUePX4i8pSaG8RvyHaW hJq75eZKarM+8boWvd1syWdP4IUTay1EUghXl2l63J9yJ/lQnevquu/bagWAHWvg jMA7LIu/kreDq9jdMcnBlfajWmnCwP/N53CA8MnkhYo34UtOyF1nORPCKQhZ/uIC ndQZ0HOR2XU/j6Ah75RKLz1E8Mw7ZC7SsAhfvRrt1F7iT2bmUp7/ECdZnAE5FUDK cu7ucUnGEU7/itFZ9JEzXdz7wrpDfAEep1Q== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddthedguddujecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvuf ffkfggtgfgsehtqhertddttdejnecuhfhrohhmpehjohhhnhcumhhuhhhluceojhhmsehp uhgsrdhpihhnkheqnecuggftrfgrthhtvghrnhepteeuhffgueeijeetkeffjedutedtue eukeeuffekieelkeeugeelfeekhfeghfeunecuvehluhhsthgvrhfuihiivgeptdenucfr rghrrghmpehmrghilhhfrhhomhepjhhmsehpuhgsrdhpihhnkhdpnhgspghrtghpthhtoh epuddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepsghughdqghhnuhdqvghmrggt shesghhnuhdrohhrgh X-ME-Proxy: Feedback-ID: i74194916:Fastmail Original-Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sat, 21 Dec 2024 15:48:54 -0500 (EST) Received-SPF: pass client-ip=202.12.124.154; envelope-from=jm@pub.pink; helo=fhigh-b3-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:297554 Archived-At: user-init-file is trusted by default but not other user files. C-xf ~/.emacs.d/early-init.el M-x flymake-mode Produces a warning: Disabling elisp-flymake-byte-compile in early-init.el (untrusted content) custom-file (when not the same as user-init-file) also causes a warning. Should these also be trusted by default? What about files put in place by a system admin or your distro=E2=80=99s Emacs package (e.g. site-run-file, default.el)? They generally require root priviledges to install so if they can=E2=80=99t be trusted you=E2=80=99re already in trouble. In GNU Emacs 31.0.50 (build 87, x86_64-pc-linux-gnu, GTK+ Version 3.24.43, cairo version 1.18.2) of 2024-12-21 built on thelio Repository revision: ff4fcfc92cd80c9dbc68855549102d07ef419268 Repository branch: master System Description: Fedora Linux 41 (Workstation Edition) Configured using: 'configure --with-pgtk --prefix=3D/home/jm/opt' Configured features: ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 MODULES NATIVE_COMP NOTIFY INOTIFY PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB Important settings: value of $LANG: en_US.UTF-8 locale-coding-system: utf-8-unix Major mode: ELisp/l Minor modes in effect: server-mode: t bug-reference-prog-mode: t bug-reference-mode: t completion-preview-mode: t outline-minor-mode: t ruler-mode: t winner-mode: t savehist-mode: t repeat-mode: t midnight-mode: t global-visual-wrap-prefix-mode: t visual-wrap-prefix-mode: t global-paren-face-mode: t paren-face-mode: t global-goto-address-mode: t goto-address-mode: t global-auto-revert-mode: t electric-pair-mode: t dynamic-completion-mode: t desktop-save-mode: t delete-selection-mode: t auto-insert-mode: t tooltip-mode: t global-eldoc-mode: t eldoc-mode: t show-paren-mode: t electric-quote-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t context-menu-mode: t global-font-lock-mode: t font-lock-mode: t minibuffer-regexp-mode: t column-number-mode: t line-number-mode: t transient-mark-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t auto-save-visited-mode: t Load-path shadows: None found. Features: (shadow sort mail-extr emacsbug magit-utils crm dash misearch multi-isearch texinfo texinfo-loaddefs tex-mode compare-w make-mode css-mode smie sgml-mode facemenu imenu eww vtable url-queue shr pixel-fill kinsoku url-file svg xml dom mm-url gnus message sendmail yank-media puny rfc822 mml mml-sec epa epg rfc6068 epg-config mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev gmm-utils mailheader nnheader gnus-util mail-utils range mm-util mail-prsvr color python skeleton cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine cc-langs cc-vars cc-defs cc-bytecomp c++-ts-mode c-ts-mode c-ts-common mule-util dired-aux dired-x dired dired-loaddefs lua-ts-mode treesit flymake server warnings tabify fennel-mode xref project inf-lisp shell pcomplete shortdoc help-fns radix-tree cl-print debug backtrace find-func apropos cursor-sensor compile text-property-search comint ansi-osc ansi-color comp-run comp-common smerge-mode diff disp-table whitespace emacs-news-mode time-date vc-git diff-mode track-changes derived files-x vc-dir ewoc vc vc-dispatcher bug-reference completion-preview easy-mmode pcase noutline outline ruler-mode specter-theme auth-source-pass winner ring savehist repeat midnight visual-wrap paren-face compat goto-addr thingatpt cl-extra help-mode autorevert filenotify elec-pair completion desktop frameset delsel autoinsert cus-start time init fennel-mode-autoloads magit-autoloads git-commit-autoloads dash-autoloads magit-section-autoloads paren-face-autoloads finder-inf info with-editor-autoloads xr-autoloads package browse-url xdg url url-proxy url-expand url-methods url-history url-cookie generate-lisp-file url-domsuf url-util mailcap url-handlers url-parse auth-source cl-seq eieio eieio-core cl-macs password-cache json map byte-opt gv bytecomp byte-compile url-privacy url-vars early-init rx subr-x cus-edit pp cus-load icons wid-edit cl-loaddefs cl-lib rmc iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel term/pgtk-win pgtk-win term/common-win touch-screen pgtk-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic indonesian philippine cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite emoji-zwj charscript charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp files window text-properties overlay sha1 md5 base64 format env code-pages mule custom widget keymap hashtable-print-readable backquote threads dbusbind inotify dynamic-setting system-font-setting font-render-setting cairo gtk pgtk multi-tty move-toolbar make-network-process tty-child-frames native-compile emacs) Memory information: ((conses 16 4219242 387989) (symbols 48 31297 4) (strings 32 279165 15056) (string-bytes 1 12853103) (vectors 16 57830) (vector-slots 8 656011 595942) (floats 8 646 3216) (intervals 56 848446 3470) (buffers 992 79))