From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philipp Stephani Newsgroups: gmane.emacs.bugs Subject: bug#45198: 28.0.50; Sandbox mode Date: Sun, 13 Dec 2020 18:04:52 +0100 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="40144"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Bastien , 45198@debbugs.gnu.org, =?UTF-8?Q?Jo=C3=A3o_?= =?UTF-8?Q?T=C3=A1vora?= To: Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 13 18:06:13 2020 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1koUp0-000AGW-LJ for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 13 Dec 2020 18:06:10 +0100 Original-Received: from localhost ([::1]:41784 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1koUoz-0006NB-N4 for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 13 Dec 2020 12:06:09 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:51558) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1koUos-0006Md-9B for bug-gnu-emacs@gnu.org; Sun, 13 Dec 2020 12:06:02 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]:38438) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1koUos-0006hi-1G for bug-gnu-emacs@gnu.org; Sun, 13 Dec 2020 12:06:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1koUor-00012d-PS for bug-gnu-emacs@gnu.org; Sun, 13 Dec 2020 12:06:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Philipp Stephani Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 13 Dec 2020 17:06:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45198 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 45198-submit@debbugs.gnu.org id=B45198.16078791113940 (code B ref 45198); Sun, 13 Dec 2020 17:06:01 +0000 Original-Received: (at 45198) by debbugs.gnu.org; 13 Dec 2020 17:05:11 +0000 Original-Received: from localhost ([127.0.0.1]:49984 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1koUo3-00011T-9P for submit@debbugs.gnu.org; Sun, 13 Dec 2020 12:05:11 -0500 Original-Received: from mail-oi1-f177.google.com ([209.85.167.177]:43159) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1koUo1-00011D-Bx for 45198@debbugs.gnu.org; Sun, 13 Dec 2020 12:05:09 -0500 Original-Received: by mail-oi1-f177.google.com with SMTP id q25so16463694oij.10 for <45198@debbugs.gnu.org>; Sun, 13 Dec 2020 09:05:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yv8HURJP5ofanAtWAiTOAUvBAj8/6A3diiH33PL7QhM=; b=YiboP73DxtmsL50pDObS5FJvfEujCDnPSGybJd9TnfPfY08EnBw2kPH4HXLNlOjsir nKgCnYpuoMiUlWYiyIy4W4bX47N/B78n9S+zwsnEsX0p8Npb36eXaqadwHx+/LWfpzvD vqQGOsEQX2/i04K9MQ+wIMB2t8r6aESmQ5NV4FXwgrTXprEeuugp7VLna7n/Nq2jFeTi HNR9qv3dL0PbR4WTUSp1FbQ2Txy89EAaPdL5s9jciei4BNggEqlWe7GUv/Gy1jy2v35D 4DUyvIzpEtkkfSN/OeugSbX+Cmvez3/zYpKdzObGNCOCo5GDJ8K9mA7KQ80QvTGAV+ez dl5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yv8HURJP5ofanAtWAiTOAUvBAj8/6A3diiH33PL7QhM=; b=GICHeArc8Glky5B4sZ9dVH4v50+cGUZsPJ4bAArCoPc1loUPoOHTyoZgwHrsuHEcyH TrP0zeIcOvWkCZibHpdR2asmNEuZvv8ENArHmS4NiXtYGbhYb9J7S7ZQgQGPWTVnnSrS tI0jOv//sIM916A4ADGyuF0OU84V4+kfMpPgVpxtz1ydgkvbxYGWfw1Rdnbiw3CCT2Ty LdOt/IZgOc5u4DRZRp6CQiwK5ZBgOzSno+dN+5YZU5OWlJFm1STdAmmDIPSJe/ACnP04 ywt6kpooscVivcwOl2QRLzgmzw0x4t6bnIMNIX3RaEUDb9O9sQtheluTu3/88XAlfmyw p32A== X-Gm-Message-State: AOAM531CusgKzIeVDdpy5WvwvFup8uKSABh8n2fXAkOzdE2jLMs0GAbY /82iM5nEV8UkYN4Jm7YKsMACT2F57PlUZVtcFAI= X-Google-Smtp-Source: ABdhPJxu/DsZnZfVw1h7tXm1lqAwbr2DR07o/YfzeAjOrtCcOOijmNRkv1zf4ZCJiPXyIcnHjScuUDZGvwS4JzFW9+o= X-Received: by 2002:a54:4881:: with SMTP id r1mr15455959oic.9.1607879103627; Sun, 13 Dec 2020 09:05:03 -0800 (PST) In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:195974 Archived-At: Am Sa., 12. Dez. 2020 um 20:40 Uhr schrieb Stefan Monnier : > > One thing I'm particularly eager to hear your opinion about is whether > there might be more holes to plug (i.e. more places where we need to > call `ensure_no_sandbox`). Clearly, from a security perspective, this is > the main drawback of this approach: it's based on a black list rather > than on a whitelist. Still, I have the impression that it should > be manageable. I don't think such an approach can work. It assumes perfect knowledge about anything that might be problematic, and also assumes that all future changes to Emacs take the sandbox question into account. Especially the latter point seems unrealistic, and this looks like a security incident waiting to happen. Sandboxing is good, but it should happen using an allowlist and established technology, such as firejail/bubblewrap/Google sandboxed API/...