From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Daniel Mendler via "Bug reports for GNU Emacs, the Swiss army knife of text editors" Newsgroups: gmane.emacs.bugs Subject: bug#74879: 30.0.92; trusted-content-p and trusted-files cannot be used for non-file buffers Date: Sun, 15 Dec 2024 11:56:29 +0100 Message-ID: <87jzc1dxk2.fsf@daniel-mendler.de> References: <87ed29ixu8.fsf@daniel-mendler.de> <875xnlfdzi.fsf@daniel-mendler.de> <86cyhtrzmo.fsf@gnu.org> Reply-To: Daniel Mendler Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="10928"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Cc: 74879@debbugs.gnu.org, monnier@iro.umontreal.ca, stefankangas@gmail.com To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 15 11:57:27 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tMmJR-0002c0-RN for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 15 Dec 2024 11:57:26 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tMmJ6-0002fg-4T; Sun, 15 Dec 2024 05:57:04 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tMmJ4-0002fI-Mp for bug-gnu-emacs@gnu.org; Sun, 15 Dec 2024 05:57:02 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tMmJ4-0005rB-7E for bug-gnu-emacs@gnu.org; Sun, 15 Dec 2024 05:57:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=uTPZCG1T5NRegiRmSwMhDd40/uaZ6mJIvJwaDpNeUxY=; b=CEvHfOEOidTklLDrawpJo73nEtrp8Q9jkJnbOS4/peGTRjA9Z7aFjPLmAcbzIKHZLA4ifoOUnMdlCT7YAgPlkP7OTZMtFaZskHhJudNzhiQJlGLju2f8JQ9onx3QRWR7tPzpapunQmj8UniTBikncD0x8Jxo8pFgRHgJZ0HWp9sq5V9cKIYN8YAftUESq/Wa8RSySmpOz+OVWEuA/41sqi/OemvgiQ9USZuQDQhGC4yCG7JME4I0Ki70xbJpW/6KrfHlAUDGNzIXD/4Bv9GPvE01d02l2yKIuLegPKQVOG/uYycWkH081ZwgFCD0BIY0+T7dgYfIoSSxkahI9HLI4Q==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tMmJ3-0006ug-Q4 for bug-gnu-emacs@gnu.org; Sun, 15 Dec 2024 05:57:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Daniel Mendler Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 15 Dec 2024 10:57:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 74879 X-GNU-PR-Package: emacs Original-Received: via spool by 74879-submit@debbugs.gnu.org id=B74879.173426020326543 (code B ref 74879); Sun, 15 Dec 2024 10:57:01 +0000 Original-Received: (at 74879) by debbugs.gnu.org; 15 Dec 2024 10:56:43 +0000 Original-Received: from localhost ([127.0.0.1]:49672 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tMmIk-0006u3-C5 for submit@debbugs.gnu.org; Sun, 15 Dec 2024 05:56:42 -0500 Original-Received: from server.qxqx.de ([49.12.34.165]:54899 helo=mail.qxqx.de) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tMmIf-0006tk-Gq for 74879@debbugs.gnu.org; Sun, 15 Dec 2024 05:56:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=daniel-mendler.de; s=key; h=Content-Type:MIME-Version:Message-ID:Date: References:In-Reply-To:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=uTPZCG1T5NRegiRmSwMhDd40/uaZ6mJIvJwaDpNeUxY=; b=IxgAbZKrKrrgBOUZNKHd+uLaaS Nw2g2q58KxnDZ0OrzIZUNyco2DRz8NnD36VqC+ehcoNPV0nMM+8FJBbBGqLrhrMVQpMhh0MAct61f QyRU+4FFkzcKDab+orFRfjRnz04JOJUUc1cTt4uogkDBPvMJYWllYGD9nUH6/N8A6Xwg=; In-Reply-To: <86cyhtrzmo.fsf@gnu.org> (Eli Zaretskii's message of "Sun, 15 Dec 2024 12:47:59 +0200") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:297094 Archived-At: Eli Zaretskii writes: >> Cc: Stefan Monnier , >> Stefan Kangas >> Date: Sun, 15 Dec 2024 11:16:17 +0100 >> From: Daniel Mendler via "Bug reports for GNU Emacs, >> the Swiss army knife of text editors" >> >> Daniel Mendler writes: >> >> > Thank you for the recent addition of `trusted-content-p'. Is there a >> > possibility to use `trusted-content-p' in buffers which are not backed >> > by a file? I use Flymake in *scratch* or similar buffers and it seems >> > that this won't continue to work given that `trusted-content-p' needs a >> > `buffer-file-truename'. >> > >> > My suggestion would be to replace `trusted-files' by a >> > `trusted-buffer-function' which is a predicate function or a list of >> > functions. The functions could then check a custom list of trusted files >> > or a custom list of trusted buffers. >> > >> > Alternatively offer `trusted-files', `trusted-buffers' and >> > `trusted-buffer-function`? `trusted-buffers' could for example rely on >> > `buffer-match-p`. >> >> I have also ported back `trusted-content-p' via Compat. I had the plan >> to use `trusted-content-p' in external packages which could potentially >> perform dangerous operations. This way the new feature can be used to >> retroactively improve the safety even of older Emacs installations. >> >> For example in my GNU ELPA Corfu package the plan was to check >> `(trusted-content-p)' when starting auto completion. To be clear - Corfu >> is safe by default, since auto completion is disabled by default. >> However many people enable auto completion unconditionally in all >> buffers. >> >> Now with the limitation of `trusted-content-p' to file-backed buffers, I >> cannot do this, since otherwise auto completion would be lost for >> example in *scratch* buffers. Each package could invent its own trust >> mechanism or alternatively one could limit the `trusted-content-p' check >> to only file-backed buffers. Both alternatives would be worse than going >> through the `trusted-content-p' standard mechanism. >> >> Therefore by making the `trusted-content-p' mechanism too limited, we >> get less safety than with a more flexible mechanism. Nevertheless I >> would avoid creating a complex mechanism given that the mechanism is >> supposed to be part of Emacs 30. The simplest approach I can think of >> this this `trusted-buffer-function', a hook called by >> `run-hook-with-args-until-success'. Later on trust functions can be >> provided and added to the hook list. The trust functions could check >> file lists, buffer lists, regexps etc. Users can also write their own >> predicate functions. > > What do you envision trusted-buffer-function should do in a buffer > that doesn't visit a file? `trusted-buffer-function' should be a hook variable, which could be set to multiple functions, e.g., #'trusted--files-p and #'trusted--buffers-p. The function `trusted--files-p' would check the variable `trusted-files' similar to the existing code in the emacs-30 branch. The function `trusted--buffers-p' could check another variable `trusted-buffers' which specifies a list of buffer name regexps or probably even better a `buffer-match-p' condition. This way the user could specify buffers which they consider safe, for example *scratch*. In the end it is up to the user how the variables are configured, as is already the case with `trusted-files'. The user must define which directories/files/buffers they consider safe. Daniel