From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: =?UTF-8?Q?Jo=C3=A3o_?= =?UTF-8?Q?T=C3=A1vora?= Newsgroups: gmane.emacs.bugs Subject: bug#45198: 28.0.50; Sandbox mode Date: Tue, 13 Sep 2022 13:53:50 +0100 Message-ID: References: <8355EDD1-FF78-43B1-8F96-4EB3316E8FEB@acm.org> <87pmg2f8uz.fsf@gnus.org> <3E355F21-1D0A-45AC-B33F-7C9FD1027F26@acm.org> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="000000000000c61c3305e88e8145" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="39737"; mail-complaints-to="usenet@ciao.gmane.io" Cc: Alan Third , 45198@debbugs.gnu.org, Stefan Kangas , Philipp , Stefan Monnier , Lars Ingebrigtsen , Eli Zaretskii To: Mattias =?UTF-8?Q?Engdeg=C3=A5rd?= Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Sep 13 14:55:15 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oY5Rb-000A8F-5J for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 13 Sep 2022 14:55:15 +0200 Original-Received: from localhost ([::1]:41398 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oY5RZ-0005Cx-Oj for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 13 Sep 2022 08:55:13 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:42954) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oY5RP-0005Co-03 for bug-gnu-emacs@gnu.org; Tue, 13 Sep 2022 08:55:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:60551) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oY5RO-0006wQ-L2 for bug-gnu-emacs@gnu.org; Tue, 13 Sep 2022 08:55:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oY5RO-000321-Cv for bug-gnu-emacs@gnu.org; Tue, 13 Sep 2022 08:55:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: =?UTF-8?Q?Jo=C3=A3o_?= =?UTF-8?Q?T=C3=A1vora?= Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 13 Sep 2022 12:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45198 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 45198-submit@debbugs.gnu.org id=B45198.166307365111574 (code B ref 45198); Tue, 13 Sep 2022 12:55:02 +0000 Original-Received: (at 45198) by debbugs.gnu.org; 13 Sep 2022 12:54:11 +0000 Original-Received: from localhost ([127.0.0.1]:49250 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oY5QY-00030c-Vp for submit@debbugs.gnu.org; Tue, 13 Sep 2022 08:54:11 -0400 Original-Received: from mail-io1-f45.google.com ([209.85.166.45]:45641) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oY5QX-00030M-GL for 45198@debbugs.gnu.org; Tue, 13 Sep 2022 08:54:09 -0400 Original-Received: by mail-io1-f45.google.com with SMTP id v128so9463329ioe.12 for <45198@debbugs.gnu.org>; Tue, 13 Sep 2022 05:54:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=akPOdF+egy+G/Wo1Q4tmLSpNMHNH3Mk7WvXqYMvhdI4=; b=COnqJ5jq/yzBoCAOmeHgQ7KvnuDj3++CPntTV8fbkBQ50k7GlfkGSsTikz+5GqY2y+ 09SSdNkc7EnZSbeFtb3yAN7ephZRH+21Z7Sm6ZFYzmhgsL6gfhFs4tvT4XA2rGSK9XCI Ki04IJbZpyOgjzSuCtmVaoXRFUNGdoCbetiJpa1EZ0hFTpdVQRAPeD1i+6LxwkiygCI3 twJoh5VqInAZcDpYy0vb7Ge9qjiDKocraW7P6WA4xbFHxb/1IgpVgidPK4POM/ytLmzq SYMzcoCXJZgDrI8dUR/xeUUHj9nyWKZtEraqI4M9x/5mJE3cFQpiW6zEbcDzX1OiozYb HlUw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=akPOdF+egy+G/Wo1Q4tmLSpNMHNH3Mk7WvXqYMvhdI4=; b=S8I7u4tjfoCR4vQL1YjflaLi86zagQCI8IYK7U4VluouIzU4cb7Vjk3LLWcOntZIh0 XBZ0U7t+znsRsuEM1IKMXhonfe+zZxQufoP0nPXUYT83gKb8LyaPa5BxrGJJ8eaQJxNB 0xmNd9twPUtLeAhJxQxjOO/fpo5CSd6en5KvlBib1MLH3w7C3Y+jCYmZ86PXXpYlvXMB JZDmIzrgsIaF0gTtom2HHud6wqtvZR1CnEREWLI6R/en4ZqjssjG9obE7pTEjcKRWYnX 3JQddVSCqTlIOMbxujCgMMvvQC7oSx/Yay8jc51NXw+EFmYCyUFvaSsAOLmHykmpHr6Q 40iQ== X-Gm-Message-State: ACgBeo2e5SN1g7QCMltpn4lkniYYKQ6kGtO+bjz1UScTVkdBWs0lGz0r DIHGiZNnY3IIseyafqlMTMSYZ0oGjeiJ4Y1ak0A= X-Google-Smtp-Source: AA6agR47n1LoXGBUQ5x3HVtedUlM5sKr8oPCMyrahi7txtW5PZ3J35sHF+XT21Q/ch0t8yZKqShfZAv5LyM+CoENP14= X-Received: by 2002:a05:6638:3f16:b0:346:ca43:b56e with SMTP id ck22-20020a0566383f1600b00346ca43b56emr17537436jab.117.1663073643796; Tue, 13 Sep 2022 05:54:03 -0700 (PDT) In-Reply-To: <3E355F21-1D0A-45AC-B33F-7C9FD1027F26@acm.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:242360 Archived-At: --000000000000c61c3305e88e8145 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Sep 13, 2022, 13:37 wrote: > 11 sep. 2022 kl. 13.28 skrev Lars Ingebrigtsen : > > > This was a year ago, but it looks like none of these patches were > > applied? > > Probably means they weren't very good to begin with. > Heh. That's a bit harsh, but also true more often than not. > > > I think having a sandbox mode would certainly be good in principle. > > Same here, but I know how perilous it is to design interfaces without a > concrete and obviously useful application from the start so let's be > careful. I agree. Here's an obviously useful application in my humble opinion: to turn on Elisp's Flymake checker by default. To do that, we must ensure that this checker, which starts an emacs inferior process to byte-compile Lisp code, is guaranteed not to cause unintended side-effects. This inferior Emacs macro-expands macro calls and thus and runs code: there's no other way to compile Lisp code. It must thus not be allowed to do "unsandboxy" things like writing to the file system or network. Probably also not starting other processes. But probably it should be allowed to cons lists and intern symbols inside its address space. Jo=C3=A3o --000000000000c61c3305e88e8145 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Tue, Sep 13, 2022, 13:37 <mattiase@acm.org>= ; wrote:
11 sep. 2022 kl. 13.28 skr= ev Lars Ingebrigtsen <larsi@gnus.org>:

> This was a year ago, but it looks like none of these patches were
> applied?

Probably means they weren't very good to begin with.

Heh. That's a b= it harsh, but also true more often than not.

> I think having a sandbox mode would certainly be good in principle.
Same here, but I know how perilous it is to design interfaces without a con= crete and obviously useful application from the start so let's be caref= ul.

I= agree. Here's an obviously useful application in my humble opinion: to= turn on Elisp's Flymake checker by default.=C2=A0

To do that, we must ensure that this checker= , which starts an emacs inferior process to byte-compile Lisp code, is guar= anteed not to cause unintended side-effects.

This inferior Emacs macro-expands macro calls and thus= and runs code: there's no other way to compile Lisp code. It must thus= not be allowed to do "unsandboxy" things like writing to the fil= e system or network. Probably also not starting other processes. But probab= ly it should be allowed to cons lists and intern symbols inside its address= space.

Jo=C3=A3o
<= div dir=3D"auto">
--000000000000c61c3305e88e8145--