From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: john muhl Newsgroups: gmane.emacs.bugs Subject: bug#75017: 31.0.50; Untrusted user lisp files Date: Mon, 23 Dec 2024 11:53:38 -0600 Message-ID: <87h66ub80t.fsf@pub.pink> References: <87bjx43gp7.fsf@pub.pink> <86frmg6xzf.fsf@gnu.org> <87frmf9r3z.fsf@pub.pink> <86v7va4kj6.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="29831"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: mu4e 1.12.1; emacs 31.0.50 Cc: 75017@debbugs.gnu.org, Stefan Monnier To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Mon Dec 23 18:54:56 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tPmdr-0007aI-Km for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 23 Dec 2024 18:54:56 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tPmdP-0007XX-6X; Mon, 23 Dec 2024 12:54:27 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tPmd5-0007TK-TR for bug-gnu-emacs@gnu.org; Mon, 23 Dec 2024 12:54:10 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tPmd1-00062H-6u for bug-gnu-emacs@gnu.org; Mon, 23 Dec 2024 12:54:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=kZS/aIKagZB36OL/g9+k0P+m6OoeO6rSVO2tHuz1EUo=; b=lkaOaf4KTSsDkjiiHQVmkpVWVP64iaejSFUUVh/F/IsI8qnLgewP4CG3Peh4lZ0WW9p+/td/n8EvsrEJv6Jacot7Rj/rFMkHCzCP5oM5vc0DiwM6BEXVf2woLjTvgl1u3iiPSgG1YMr6TPGbpVKE+HadJfVwPpzW4OfiP7vcQT+2E32ceV+t+L8KwsUQABwldBbW5CDr1XKLPEHhap8tD01f4nk9LJChMWunL6Uaq9Wg7tfGYOwCTiZ3WLUkUto8rtbRF84PIv+DdgH1g02TsIvU6F6WcPwrt2XfCGhvKO7ImoY2lp068HnPejgKThHBQzw3xVyQ+lYMtmUlCHzMsQ==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tPmd1-0001a7-0q for bug-gnu-emacs@gnu.org; Mon, 23 Dec 2024 12:54:03 -0500 X-Loop: help-debbugs@gnu.org Resent-From: john muhl Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 23 Dec 2024 17:54:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75017 X-GNU-PR-Package: emacs Original-Received: via spool by 75017-submit@debbugs.gnu.org id=B75017.17349764296050 (code B ref 75017); Mon, 23 Dec 2024 17:54:02 +0000 Original-Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 17:53:49 +0000 Original-Received: from localhost ([127.0.0.1]:56027 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tPmcm-0001ZW-G9 for submit@debbugs.gnu.org; Mon, 23 Dec 2024 12:53:48 -0500 Original-Received: from fhigh-b7-smtp.messagingengine.com ([202.12.124.158]:60361) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tPmck-0001ZF-Nx for 75017@debbugs.gnu.org; Mon, 23 Dec 2024 12:53:47 -0500 Original-Received: from phl-compute-11.internal (phl-compute-11.phl.internal [10.202.2.51]) by mailfhigh.stl.internal (Postfix) with ESMTP id 9BCFC25401B1; Mon, 23 Dec 2024 12:53:40 -0500 (EST) Original-Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-11.internal (MEProxy); Mon, 23 Dec 2024 12:53:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pub.pink; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1734976420; x=1735062820; bh=kZS/aIKagZB36OL/g9+k0P+m6OoeO6rSVO2tHuz1EUo=; b= aO+1gLyMiWz4/fYNtmNvtJgI2dGQ5wjd6Pmy8amRruTMCcyWuG51ezAyi+VA1S1I 8jUSSxKbIk/DmDOL2z+jeqgNnREl9aBD8/cx9ZdJO0YTutol+awi9dhXW6LMVyFG e42uOFyOScd8+Q5ej7ICGskw80k5KMXclAeB7jaFAFm69mb9rz6GKMI0n5gL+6dn oGwyY2KvSyp0vBJMoRdGH8nNo5Pipv1+an7O0+kh1rYPlEURpT6fBkj2PCNWu8Qq b7OwflmSQlol49VVhp57Bu4iIZHGGZiDWl4lvnmDQR/xoaXDu6MrkvBUnS1KHbcf 8cJg6LFGYDyvUe1yRhNFfA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1734976420; x= 1735062820; bh=kZS/aIKagZB36OL/g9+k0P+m6OoeO6rSVO2tHuz1EUo=; b=i miNS2cfRLG8MOdpkxZBMwUlFdWubllKQm/PBUwCJavnInb8UQBOCrcYCR4R3kuG3 1UrlDRyDNL780W1QwGrGSn5myB2TVVV4Pb3D/Xj3KOVhbrqrE3W1W2XnYig+FJ5K kGCleKAQ/wYlBqk4JHm5IwA6llNdjNm/CWrX8fX/zf+r0ZbKPMEavpsIZH8MU8h8 /Et/v/6ilqNeybybYghfwerARNJYHE9oUgQMSv7miUFSferDU1q539j9OcJqTFfn woeKnadjLhcBLoAM5NvTUiDoSHrEoVeA+llopBsOS7ueGT9wXo6uNmyHH1hI2FAS t3irWCk9nrbDLpL6fZtEA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrudduvddggedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhephffvvefujghffgffkfggtgfgsehtqhertddtreej necuhfhrohhmpehjohhhnhcumhhuhhhluceojhhmsehpuhgsrdhpihhnkheqnecuggftrf grthhtvghrnhepgeevhedvtdetvdekuddvtddthefhvdfggfdvgfeitdejudehhfffjedt vdevveeknecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh epjhhmsehpuhgsrdhpihhnkhdpnhgspghrtghpthhtohepfedpmhhouggvpehsmhhtphho uhhtpdhrtghpthhtohepjeehtddujeesuggvsggsuhhgshdrghhnuhdrohhrghdprhgtph htthhopehmohhnnhhivghrsehirhhordhumhhonhhtrhgvrghlrdgtrgdprhgtphhtthho pegvlhhiiiesghhnuhdrohhrgh X-ME-Proxy: Feedback-ID: i74194916:Fastmail Original-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 23 Dec 2024 12:53:39 -0500 (EST) In-Reply-To: <86v7va4kj6.fsf@gnu.org> (Eli Zaretskii's message of "Mon, 23 Dec 2024 15:05:17 +0200") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:297653 Archived-At: Eli Zaretskii writes: >> From: john muhl >> Cc: 75017@debbugs.gnu.org >> Date: Sun, 22 Dec 2024 18:32:00 -0600 >>=20 >> Specifically, I was surprised to find that user-init-file is >> assumed safe but not early-init-file. After reading the >> trusted-content part of the manual where it says =E2=80=9C=E2=80=A6which= means no >> file is trusted.=E2=80=9D I assumed that included user-init-file. When I >> saw that wasn=E2=80=99t the case I then assumed early-init-file would get >> the same treatment. Maybe a little extra clarity there would be >> sufficient for now. > > Maybe we should trust the early-init-file as well, but then where does > this end? The init files can load gobs of other files. And there's > also custom-file (when it isn't nil), desktop-dirname and > desktop-base-file-name, etc. etc. For Emacs 30 I=E2=80=99d end it with user-init-file, early-init-file and custom-file. The latter is already an implicit part of trusting of the user-init-file so it shouldn=E2=80=99t add any additional risk. The former two are I think in the same category of presumed safeness so distinguishing one as trusted and the other not seems odd. Longer term I agree with you that more experience will lead to better understanding of where to draw the line.