From mboxrd@z Thu Jan 1 00:00:00 1970
From: chad
Newsgroups: gmane.emacs.devel
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Fri, 27 Sep 2013 16:12:18 -0400
Message-ID: <0E8D4571-E974-42AB-8B55-4EC3B0585104@mit.edu>
References: <523FEE1B.9020408@binary-island.eu>
 <52429ABD.6090603@binary-island.eu>
 <52432BE9.1070402@binary-island.eu>
 <87d2nw1j3b.fsf@uwakimon.sk.tsukuba.ac.jp>
 <5243F828.6060901@binary-island.eu>
 <87a9iy2106.fsf@uwakimon.sk.tsukuba.ac.jp>
 <524593A0.7020502@binary-island.eu>
In-Reply-To: <524593A0.7020502@binary-island.eu>
Cc: emacs-devel@gnu.org
To: Matthias Dahl
Xref: news.gmane.org gmane.emacs.devel:163689

On 27 Sep 2013, at 10:18, Matthias Dahl wrote:
>
> All I am saying is: It would be very helpful if we could give the user a
> few tools to handle, grasp and maybe harden certain security aspects.

If the user is downloading and running random code from the internet
without checking its source in any way, then there's really not very
much you can do. Java tries to do this to fairly great expense, and only
vaguely succeeds. Python tried and gave up (apparently).

If people download and run code from GNU ELPA, then there's a moderate
degree of group-checking safety involved, similar to Debian (once elpa
signing is in place). If they insist on using random snippets from
wikis, forums, and marmalade (apparently; I haven't looked closely at
marmalade), then there's really not.

> You wouldn't work as root on your system, would you? And why should a
> plugin get full rights if it just needs a few infos from the local buffer?

I think this `joke' from XKCD is pretty instructive here:

	http://xkcd.com/1200/

In other words, "at least they didn't get root" doesn't really reflect
the way computers are used today (/for the last decade).

As a practical matter of giving the user a few tools, you might be
better off looking at taint checking (perl, ruby) and warning the user
(and potentially, elpa/marmalade/etc), rather than trying to add
java-style sandboxing to elisp.

I hope that helps,
~Chad