From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.bugs Subject: bug#45198: 28.0.50; Sandbox mode Date: Sat, 17 Apr 2021 13:53:34 -0400 Message-ID: References: <5818DFAA-3A9C-4335-BAAF-1227A02C290A@acm.org> <83o8ecvnok.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="24430"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) Cc: alan@idiocy.org, mattiase@acm.org, 45198@debbugs.gnu.org, stefan@marxist.se, p.stephani2@gmail.com, joaotavora@gmail.com To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Apr 17 19:55:10 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lXp9y-0006El-CH for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 17 Apr 2021 19:55:10 +0200 Original-Received: from localhost ([::1]:51610 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lXp9v-00074r-JT for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 17 Apr 2021 13:55:08 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:51088) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lXp8u-0006Wj-9i for bug-gnu-emacs@gnu.org; Sat, 17 Apr 2021 13:54:04 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:32940) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lXp8s-0001d5-BS for bug-gnu-emacs@gnu.org; Sat, 17 Apr 2021 13:54:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lXp8s-0000UE-9u for bug-gnu-emacs@gnu.org; Sat, 17 Apr 2021 13:54:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Monnier Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 17 Apr 2021 17:54:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45198 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 45198-submit@debbugs.gnu.org id=B45198.16186820291851 (code B ref 45198); Sat, 17 Apr 2021 17:54:02 +0000 Original-Received: (at 45198) by debbugs.gnu.org; 17 Apr 2021 17:53:49 +0000 Original-Received: from localhost ([127.0.0.1]:44486 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lXp8f-0000Tn-43 for submit@debbugs.gnu.org; Sat, 17 Apr 2021 13:53:49 -0400 Original-Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:42079) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lXp8d-0000TZ-Su for 45198@debbugs.gnu.org; Sat, 17 Apr 2021 13:53:48 -0400 Original-Received: from pmg2.iro.umontreal.ca (localhost.localdomain [127.0.0.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 5B96A8055F; Sat, 17 Apr 2021 13:53:42 -0400 (EDT) Original-Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1]) by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 0594180618; Sat, 17 Apr 2021 13:53:36 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca; s=mail; t=1618682016; bh=9WyRzCLhEI1zlQ7Ku+iNw8LKU4ud/tAHF3skqW6QqtA=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=X/mL8GELE0zUuPDC0I8OG81Ap+tT7rNcXaWd344KuT7ACTjPnQ18LhkxeZ/SD7uMT GxLiMHBzGC8vJujILWGJKYlOti4KrLHKkZ7P1rPnXw1jUtlE8eX+W69j53jEG5G4qX cQhjWIIDmrLXsObDLPZGVBeVXbW0Em3hyPRDY9E2GWF78nlFmdOVkHaxj03VOr66W8 bgxlXq8ejZn3iNfzMY774QsE8QM6G5sBeeGl4o3GjmjI2TvT4pGuHAlg6YZdKG3lik k2ggWaDwU4V1YfKBbL+uuZsM37F3P0Tq0gl2W8fJd8NiaHWdXYqJHLrRhoY/WpRFBl Q9MYcrL1L7dlw== Original-Received: from alfajor (104-222-126-84.cpe.teksavvy.com [104.222.126.84]) by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id B0A881202BB; Sat, 17 Apr 2021 13:53:35 -0400 (EDT) In-Reply-To: <83o8ecvnok.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 17 Apr 2021 20:14:03 +0300") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:204238 Archived-At: >> My primary target is `elisp-flymake--batch-compile-for-flymake`. > What does that mean in practice? what does that "target" require? It needs to take untrusted ELisp code and run it (with no need for user interaction) in a way that doesn't introduce any security risk. Currently the code starts a new Emacs process in batch mode and lets it do whatever it wants, with all the security problems this entails. Normally, this untrusted ELisp code (the one present within `eval-when-compile` and macros defined within the file) limits itself to quite simple sexp manipulation, so the sandboxing can be quite restrictive, disallowing things like user interaction, uses of subprocesses, or writing to files. Stefan