From: "João Távora" <joaotavora@gmail.com>
To: Stefan Monnier <monnier@iro.umontreal.ca>
Cc: emacs-devel@gnu.org
Subject: Re: Safety of elisp-flymake-byte-compile (Was Re: [Emacs-diffs] scratch/allow-custom-load-paths)
Date: Fri, 14 Dec 2018 12:00:27 +0000 [thread overview]
Message-ID: <jjb36r071yc.fsf@gmail.com> (raw)
In-Reply-To: <jwvwoogz0k5.fsf-monnier+gmane.emacs.devel@gnu.org> (Stefan Monnier's message of "Tue, 11 Dec 2018 09:03:15 -0500")
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>> Trust a file = loaded in the host Emacs - some known exceptions, right?
> I think rather than "loaded in the host Emacs" it'll have to be "in
> load-path", because Emacs is generally very liberal about automatically
> loading files from load-path, so anything in load-path is
> pretty much already trusted.
> [ I think someone™ should sit down and think hard about this in general
> (not only in the context of flymake), because "in load-path" is not as
> clearly defined as we might think, since we also sometimes load files
> from subdirectories within load-path.
> And hopefully, this someone should be well intentioned ;-) ]
This is orthonogal to the question right? I think for the time being we
can write some 'moderately-trusted-p (file)' function to hide that can
of worms.
>> So as soon as I load eglot.el, or eglot.elc in the host Emacs, it would
>> start working?
> Right, or even as soon as eglot is in your load-path.
Hmmm, there appears to be a contradiction here, or maybe I'm missing
something. Can you explain exactly what will happen if I C-u M-x
byte-compile-file the eglot.el file? That's the way I normally load .el
files: I usually don't put their directories in my load path unless they
have complicated dependencies, or I plan on keeping them in my config.
So, shouldn't we instead/also use 'features'?
>> If so, I could live with that. Until it starts working it could issue
>> some diagnostics saying "this macro is not known to be safe, so not
>> checking".
> Sounds OK, yes.
Good to have this one nailed down.
>> Now, how would you transmit this information about safe and unsafe
>> macros to from the host Emacs to the slave byte-compiling Emacs which is
>> a separate process? Via command-line parameters, an .el generated on
>> the fly (we already do this for the flymake'd file, btw), or something
>> else?
> If we use "in load-path" as the main criterion, then I think this
> question is a non-issue, right?
We still have to hand the host's load-path/features value to the slave
Emacs, right?
>> At least, the way I understand your solution for the "safe/unsafe" macro
>> problem it still doesn't seem to fix the fact that as soon as I type
>> "(launch-nuke)" into some already loaded macro in eglot.el, nukes are
>> potentially going to be launched by some unsuspecting macro-expansion
>> down below.
> Yup. That's the problem with the use of trust as a proxy for safety.
Yup x 2. With Flymake and macro expansions it's like you trust someone
to be reasonable, but then he turns into a nuke-lanching maniac just by
joking about it. Better not have nukes handy by then.
João
next prev parent reply other threads:[~2018-12-14 12:00 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20181204233600.7907.75252@vcs0.savannah.gnu.org>
[not found] ` <20181204233601.273DD209DC@vcs0.savannah.gnu.org>
2018-12-05 4:34 ` [Emacs-diffs] scratch/allow-custom-load-paths-in-elisp-flymake 4ef9711: Allow custom load paths in elisp's byte-compilation Flymake Stefan Monnier
2018-12-05 15:14 ` João Távora
2018-12-05 20:00 ` Glenn Morris
2018-12-05 20:40 ` João Távora
2018-12-08 13:23 ` Safety of elisp-flymake-byte-compile (Was Re: [Emacs-diffs] scratch/allow-custom-load-paths) João Távora
2018-12-08 15:36 ` Stefan Monnier
2018-12-10 0:20 ` João Távora
2018-12-10 2:22 ` Stefan Monnier
2018-12-10 23:17 ` João Távora
2018-12-11 14:03 ` Stefan Monnier
2018-12-14 12:00 ` João Távora [this message]
2018-12-14 12:15 ` Stefan Monnier
2018-12-14 13:09 ` João Távora
2018-12-14 13:27 ` Stefan Monnier
2018-12-14 13:38 ` João Távora
2018-12-14 14:13 ` Stefan Monnier
2018-12-11 19:30 ` Sandboxing (was: Safety of elisp-flymake-byte-compile) Stefan Monnier
2018-12-14 1:35 ` Sandboxing João Távora
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=jjb36r071yc.fsf@gmail.com \
--to=joaotavora@gmail.com \
--cc=emacs-devel@gnu.org \
--cc=monnier@iro.umontreal.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).