From: john muhl
Newsgroups: gmane.emacs.bugs
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Sun, 22 Dec 2024 18:32:00 -0600
Message-ID: <87frmf9r3z.fsf@pub.pink>
References: <87bjx43gp7.fsf@pub.pink> <86frmg6xzf.fsf@gnu.org>
User-Agent: mu4e 1.12.1; emacs 31.0.50
Cc: 75017@debbugs.gnu.org
To: Eli Zaretskii
In-Reply-To: <86frmg6xzf.fsf@gnu.org> (Eli Zaretskii's message of "Sun, 22 Dec 2024 08:19:32 +0200")

Eli Zaretskii writes:

>> From: john muhl
>> Date: Sat, 21 Dec 2024 14:48:52 -0600
>>
>> user-init-file is trusted by default but not other user files.
>>
>> C-xf ~/.emacs.d/early-init.el
>> M-x flymake-mode
>>
>> Produces a warning:
>>
>> Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)
>>
>> custom-file (when not the same as user-init-file) also causes a
>> warning. Should these also be trusted by default?
>
> No, not IMO. Please add those files you know you can trust to the
> list of trusted files, and let's see if that works well for you. If,
> after you have used that for some time, you have observations to
> report or changes to suggest, please do, but let's please base such
> observations on some sufficiently significant (read: long enough)
> experience.

Sure. That’s what I’ve done and it’ll certainly work for me. I
very rarely need to deal with untrusted files so of all Emacs
users I’ll be among those affected the least.

>> What about files put in place by a system admin or your distro’s
>> Emacs package (e.g. site-run-file, default.el)? They generally
>> require root privileges to install so if they can’t be trusted
>> you’re already in trouble.
>
> On my system, these files do not need any admin privileges, so I don't
> think we should trust them by default. Users who know that these
> files are modified only by trusted admins can and probably should add
> them to the list of trusted files, if they need that (in general,
> there should be no need to run Flymake in those files, in which case
> these files don't need to be added even if they are trusted).
>
> Btw, if we are talking about trusted admins, then entire directories
> should be trusted, for example /usr/share or /usr/share/emacs.
> There's a reason why we didn't do that by default.

Makes sense. These system files were a bit of a tangent to what
triggered this issue.

Specifically, I was surprised to find that user-init-file is
assumed safe but not early-init-file. After reading the
trusted-content part of the manual where it says “…which means no
file is trusted.” I assumed that included user-init-file. When I
saw that wasn’t the case I then assumed early-init-file would get
the same treatment. Maybe a little extra clarity there would be
sufficient for now.
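
The approach recommended in the thread, listing individual files as trusted instead of whole directories, as an added example that is not part of the original message or of the Emacs sources. It assumes it is evaluated from the user's init file after `custom-file` has been set, and that the list of trusted files is the `trusted-content` user option.

```emacs-lisp
;; Added example: trust only specific, named startup files.
;; Assumption: this runs from init.el, after `custom-file' is set.
(when (and (boundp 'trusted-content)     ; option exists in Emacs 30 and later
           (listp trusted-content))      ; leave a value of :all untouched
  (dolist (f (list early-init-file custom-file))
    ;; `custom-file' is nil unless the user set it, and
    ;; `early-init-file' may name a file that does not exist.
    ;; Skip both cases so no stale entry ends up in the list.
    (when (and (stringp f) (file-regular-p f))
      ;; Store the abbreviated true name ("~/..."), so the entry names
      ;; the file itself and not a symlink pointing at it.  No entry
      ;; ends in "/", so no directory is trusted as a whole.
      (add-to-list 'trusted-content
                   (abbreviate-file-name (file-truename f))))))
```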