From: Augusto Stoffel
Newsgroups: gmane.emacs.bugs
Subject: bug#70440: [PATCH] Use -P switch when calling 'python-interpreter'
Date: Fri, 19 Apr 2024 08:08:43 +0200
Message-ID: <87jzkthok4.fsf@gmail.com>
References: <87h6fzj1b1.fsf@gmail.com> <861q73hkeq.fsf@gnu.org>
Cc: 70440@debbugs.gnu.org, Eli Zaretskii
To: kobarity

On Fri, 19 Apr 2024 at 00:25, kobarity wrote:

> The -P switch is new, introduced in CPython 3.11, so I don't think it
> can be added unconditionally.  Furthermore, `python-interpreter' may
> not be CPython.
> Isn't it enough to customize
> `python-interpreter-args'?

After sleeping on this, I recommend using -P anyway and simply failing
if the installed Python is too old.

The reason is that this has a security implication, similar to the
recent Org mode LaTeX preview situation.  Without -P the user is
tacitly trusting the contents of the current directory.  By tricking a
user into downloading a malicious file with an intentional name clash
(say via git pull), arbitrary code could in principle be executed on the
user's machine.

The -P switch completely removes this possibility, and conversely,
without -P there seems to be no reasonable way to make Python safe.

I've attached a new patch that informs the user why the commands failed
when Python is too old, which is good enough in my opinion.

Note also that this change only affects the Python import management
commands, which is a very handy but by no means essential feature.

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment; filename=0001-Use-P-switch-when-calling-python-interpreter.patch

From 2cca02440069a31546eff04c8cd6c00b171a85a2 Mon Sep 17 00:00:00 2001
From: Augusto Stoffel
Date: Wed, 17 Apr 2024 20:17:22 +0200
Subject: [PATCH] Use -P switch when calling 'python-interpreter'

This excludes the current directory from Python's module load path,
which can be unsafe.

* lisp/progmodes/python.el (python--list-imports, python--do-isort),
(python-fix-imports): Use -P switch
(python--list-imports-check-status): Warn about old Python versions
missing the -P switch.
---
 lisp/progmodes/python.el | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/lisp/progmodes/python.el b/lisp/progmodes/python.el index 85279d3e84b..304aa2d9d6e 100644 --- a/lisp/progmodes/python.el +++ b/lisp/progmodes/python.el 
@@ -6744,9 +6744,9 @@ python--list-imports try: from isort import find_imports_in_stream, find_imports_in_paths except ModuleNotFoundError: - exit(2) -except ImportError: exit(3) +except ImportError: + exit(4) query, files, result = argv[1] or None, argv[2:], {} @@ -6781,8 +6781,9 @@ python--list-imports-check-status (unless (eq 0 status) (let* ((details (cond - ((eq 2 status) " (maybe isort is missing?)") - ((eq 3 status) " (maybe isort version is older than 5.7.0?)") + ((eq 2 status) " (maybe Python version is older than 3.11?)") + ((eq 3 status) " (maybe isort is missing?)") + ((eq 4 status) " (maybe isort version is older than 5.7.0?)") (t ""))) (msg (concat "%s exited with status %s" details))) @@ -6805,7 +6806,7 @@ python--list-imports (append (split-string-shell-command python-interpreter-args) - `("-c" ,python--list-imports) + `("-Pc" ,python--list-imports) (list (or name ""))))) (with-current-buffer buffer (apply #'call-process @@ -6814,7 +6815,7 @@ python--list-imports (append (split-string-shell-command python-interpreter-args) - `("-c" ,python--list-imports) + `("-Pc" ,python--list-imports) (list (or name "")) (mapcar #'file-local-name source)))))) lines) @@ -6862,7 +6863,7 @@ python--do-isort (append (split-string-shell-command python-interpreter-args) - '("-m" "isort" "-") + '("-Pm" "isort" "-") args))) (tick (buffer-chars-modified-tick))) (unless (eq 0 status) @@ -6940,7 +6941,7 @@ python-fix-imports (append (split-string-shell-command python-interpreter-args) - '("-m" "pyflakes")))) + '("-Pm" "pyflakes")))) (goto-char (point-min)) (when (looking-at-p ".* No module named pyflakes$") (error "%s couldn't find pyflakes" python-interpreter)) -- 2.44.0 --=-=-=--
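
Review bot: In the python--list-imports-check-status hunk, status 2 is now reported as " (maybe Python version is older than 3.11?)", but nothing in the code says where that status comes from: in the lines shown the embedded script now exits with 3 and 4, so 2 is expected to come from the interpreter rejecting its command line. A bad switch in python-interpreter-args, which is spliced into the same command line, or a python-interpreter that is not CPython would get the same hint. Suggest a comment on the ((eq 2 status) ...) branch stating the source of that status, and a hint worded around the -P switch being rejected rather than the version alone.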
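
Review bot: In the python-fix-imports hunk, the only failure check visible after the call is (looking-at-p ".* No module named pyflakes$"), so an interpreter that rejects "-Pm" fails there without the version hint that python--list-imports-check-status now gives. The commit message lists the warning for python--list-imports-check-status only. Suggest checking the exit status in python-fix-imports as well, and confirming that the (unless (eq 0 status) ...) branch in python--do-isort explains the failure, so all three commands tell the user why they stopped.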
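
Review bot: At the four call sites ("-Pc" twice in python--list-imports, "-Pm" in python--do-isort and in python-fix-imports) the -P switch is fused into the following switch and repeated by hand, and the diffstat shows only lisp/progmodes/python.el changed. Suggest passing "-P" as its own list element taken from one shared constant, so the requirement is easy to find and adjust, and adding an etc/NEWS entry saying that the import management commands now need Python 3.11 or later.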
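
The name clash described in the message, as an added example that is not part of the original post or of Emacs: it runs one import probe with `-c` and with `-Pc` in a directory holding a constructed `colorsys.py` and reports which copy of the module each run imported. The file name, the `ORIGIN` marker and the function names are assumptions made for the illustration.

```python
import os
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-in for a file that lands in a project checkout and
# shares its name with a standard-library module.
SHADOW_NAME = "colorsys.py"
SHADOW_BODY = 'ORIGIN = "cwd"\n'
# The stdlib colorsys has no ORIGIN attribute, so the probe prints "stdlib"
# unless the copy in the current directory was imported instead.
PROBE = 'import colorsys; print(getattr(colorsys, "ORIGIN", "stdlib"))'


def run_probe(switch, cwd):
    """Run PROBE under `switch` in `cwd`; return where colorsys came from."""
    env = dict(os.environ)
    # Drop settings that would alter sys.path behind the demo's back.
    env.pop("PYTHONSAFEPATH", None)
    env.pop("PYTHONPATH", None)
    proc = subprocess.run([sys.executable, switch, PROBE], cwd=cwd, env=env,
                          capture_output=True, text=True)
    if proc.returncode != 0:
        # Interpreters older than 3.11 reject -P as an unknown option.
        if sys.version_info < (3, 11):
            return "unsupported"
        return f"error {proc.returncode}"
    return proc.stdout.strip()


def demo():
    """Compare the plain and the -P invocation in a directory with a clash."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, SHADOW_NAME).write_text(SHADOW_BODY)
        return {switch: run_probe(switch, tmp) for switch in ("-c", "-Pc")}


if __name__ == "__main__":
    for switch, origin in demo().items():
        print(f"python {switch}: colorsys loaded from {origin}")
```
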