From: Lars Ingebrigtsen <larsi@gnus.org>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 31709@debbugs.gnu.org
Subject: bug#31709: 27.0.50; Wishlist: Perhaps Emacs should load a file when getting a particular signal?
Date: Tue, 05 Jun 2018 17:21:46 +0200 [thread overview]
Message-ID: <m3602xmf79.fsf@gnus.org> (raw)
In-Reply-To: <83a7s9b8nv.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 05 Jun 2018 17:38:28 +0300")
Eli Zaretskii <eliz@gnu.org> writes:
> Which functionality? to load a file whose name is fixed in the
> sources?
Yes.
> Having a fixed file name in Emacs that is loaded by an external signal
> would be a terrible security risk, no?
Well... Would it? I mean, the file would be something like
~/.emacs.d/sigusr1.el or something. To send a signal to the Emacs
process you either have to be the user or root, and if you're the user
or root, you already have all the access to the process that you need to
do, well, anything. Like it was pointed out here earlier, doing the
"make a running Emacs without a server do something" can be achieved
through gdb magic.
It's just something that's very finicky, and loading a file instead
would be something that a normal user could do.
So: The same attack surface that we already have, but a feature that
would be usable for a normal user.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
next prev parent reply other threads:[~2018-06-05 15:21 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-04 11:29 bug#31709: 27.0.50; Wishlist: Perhaps Emacs should load a file when getting a particular signal? Lars Ingebrigtsen
2018-06-04 12:27 ` Marcin Borkowski
2018-06-05 13:27 ` Lars Ingebrigtsen
2018-06-04 14:52 ` João Távora
2018-06-05 13:28 ` Lars Ingebrigtsen
2018-06-04 16:02 ` Eli Zaretskii
2018-06-05 13:31 ` Lars Ingebrigtsen
2018-06-05 14:28 ` Phil Sainty
2018-06-05 14:38 ` Eli Zaretskii
2018-06-05 15:21 ` Lars Ingebrigtsen [this message]
2018-06-05 15:45 ` Eli Zaretskii
2018-06-05 16:20 ` Robert Pluim
2018-06-05 15:35 ` Phil Sainty
2018-06-05 15:51 ` Phil Sainty
2018-06-05 16:24 ` Robert Pluim
2018-06-05 16:36 ` Phil Sainty
2018-06-05 17:05 ` Phil Sainty
2019-09-21 8:19 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m3602xmf79.fsf@gnus.org \
--to=larsi@gnus.org \
--cc=31709@debbugs.gnu.org \
--cc=eliz@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).