From: Daniel Radetsky
To: Richard Stallman
Cc: Jean Louis, steven@stebalien.com, christopher@librehacker.com, emacs-devel@gnu.org
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs Arbitrary Code Execution and How to Avoid It
Date: Tue, 10 Dec 2024 10:03:52 -0800

On Fri, Dec 06, 2024 at 11:23:20PM -0500, Richard Stallman wrote:
> [[[ To any NSA and FBI agents reading my email: please consider ]]]
> [[[ whether defending the US Constitution against all enemies, ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > I get it, though similar concepts are in many editors. As you said,
> > "if flymake is enabled" which means that user enabling flymake should
> > get informed of it.
>
> I firmly disagree. For Emacs to spontaneously execute code in files
> that users did not say should be executed is simply unacceptable.

As I understand it, the issue is that the user has already
said "execute elisp code in any elisp-mode files," and that
it is common for the user to have said this.
This is why the reporter mentioned that popular emacs distros
like doom enable this behavior by default. I don't believe
there was any suggestion that vanilla emacs allowed this.

> Warning users that this may happen is not sufficient -- we need to
> _fix_ the problem.

If the user has already asked emacs to execute elisp, the
only thing that could IMO count as a fix is to _prevent_
them from doing this. Or at least to require that they
reconfirm that this is what they want when emacs wants to
execute the elisp, like with disabled commands.