From: Stefan Monnier
Newsgroups: gmane.emacs.bugs
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 17 Apr 2021 16:26:25 -0400
To: Eli Zaretskii
Cc: alan@idiocy.org, mattiase@acm.org, 45198@debbugs.gnu.org, stefan@marxist.se, p.stephani2@gmail.com, joaotavora@gmail.com
In-Reply-To: <83im4kvi4e.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 17 Apr 2021 22:14:09 +0300")

>> The normal way to enable flymake is something like
>>
>>     (add-hook 'emacs-lisp-mode-hook #'flymake-mode)
>>
>> so the file gets compiled just because you're looking at it.
>> That's quite different from an explicit request from the user to compile
>> a file.
>
> It is?  Sorry, I don't see the difference, not a significant one.

It makes `C-x C-f` a tool to run arbitrary code (since the file may end
with something apparently harmless like `.txt` but may actually use
`emacs-lisp-mode`).

> If you are implying that one does something conscious and deliberate
> before byte-compiling a file,

Have you ever byte-compiled a random ELisp file sent to you from some
unknown email address without looking at it first?
Have you ever viewed with Emacs a file sent from some unknown
email address?

For me the answers are "no, never" and "yes, many times".
Enabling flymake mode as above currently blurs the difference between
those two cases in terms of risks.

> then one could also remove Flymake from the hook while at that.

The whole point of the sandboxing exercise is so as to be able to have
flymake-mode in the hook without exposing yourself to
these vulnerabilities.


        Stefan
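The point above about a `.txt` file that still opens in `emacs-lisp-mode` can be checked before a file is visited. The following is an added example, not code from this thread or from Emacs: a triage check that reads a file's own mode cookie (`-*- ... -*-` on the first line, or the second after a `#!` line) and its `Local Variables:` block in the last 3000 characters, ignoring the extension. The function names, the mode set and the sample contents are assumptions made for the example.

```python
import re

ELISP_MODES = {"emacs-lisp", "lisp-interaction"}   # assumption of this example
COOKIE = re.compile(r"-\*-(.*?)-\*-")
SAMPLES = {   # constructed attachments: name -> contents
    "notes.txt": ";; -*- mode: emacs-lisp -*-\nmeeting notes\n",
    "todo.txt": "buy milk\n\n# Local Variables:\n# mode: emacs-lisp\n# End:\n",
    "readme.txt": "-*- mode: text; coding: utf-8 -*-\nAbout Emacs Lisp.\n",
}

def _norm(name):
    """Lower-case a mode name and drop a trailing '-mode' (conservative)."""
    name = name.strip().lower()
    return name[:-5] if name.endswith("-mode") else name

def _cookie_modes(line):
    """Modes named by a '-*- ... -*-' cookie on one line."""
    m = COOKIE.search(line)
    body = m.group(1).strip() if m else ""
    if ":" not in body:                       # short form: -*- emacs-lisp -*-
        return [_norm(body)] if body else []
    pairs = (f.partition(":") for f in body.split(";"))
    return [_norm(v) for k, _, v in pairs if k.strip().lower() == "mode"]

def _trailer_modes(text):
    """Modes named in a 'Local Variables:' block near the end of the file."""
    lines = text[-3000:].splitlines()         # Emacs only looks at the file's tail
    modes, prefix = [], None
    for line in lines:
        at = line.lower().find("local variables:")
        if prefix is None:
            prefix = line[:at].strip() if at >= 0 else None
            continue
        entry = line.strip()
        if entry.startswith(prefix):          # comment prefix such as "#" or ";;"
            entry = entry[len(prefix):]
        key, _, value = entry.partition(":")
        if key.strip().lower() == "end":
            break
        if key.strip().lower() == "mode":
            modes.append(_norm(value))
    return modes

def selects_elisp_mode(text):
    """True if the file's own contents request an Emacs Lisp major mode."""
    head = text.lstrip(" \t\n").splitlines()[:2]
    if head and not head[0].startswith("#!"):
        head = head[:1]                       # line 2 counts only after a shebang
    modes = [m for line in head for m in _cookie_modes(line)] + _trailer_modes(text)
    return any(m in ELISP_MODES for m in modes)
```

A file flagged by `selects_elisp_mode` would run the `emacs-lisp-mode-hook` setup discussed in the message when visited, so it is a candidate for review as text before it is opened in Emacs.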