From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: =?iso-8859-1?Q?Jo=E3o_T=E1vora?= Newsgroups: gmane.emacs.devel Subject: Re: Safety of elisp-flymake-byte-compile (Was Re: [Emacs-diffs] scratch/allow-custom-load-paths) Date: Fri, 14 Dec 2018 12:00:27 +0000 Message-ID: References: <20181204233600.7907.75252@vcs0.savannah.gnu.org> <20181204233601.273DD209DC@vcs0.savannah.gnu.org> <87sgz89mpu.fsf_-_@gmail.com> <87mupe9qqw.fsf@gmail.com> <87in019dle.fsf@gmail.com> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1544788728 28433 195.159.176.226 (14 Dec 2018 11:58:48 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 14 Dec 2018 11:58:48 +0000 (UTC) User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (windows-nt) Cc: emacs-devel@gnu.org To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Dec 14 12:58:44 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gXm78-0007I1-Dm for ged-emacs-devel@m.gmane.org; Fri, 14 Dec 2018 12:58:42 +0100 Original-Received: from localhost ([::1]:32969 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gXm9F-0006j8-0V for ged-emacs-devel@m.gmane.org; Fri, 14 Dec 2018 07:00:53 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36810) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gXm94-0006ig-F8 for emacs-devel@gnu.org; Fri, 14 Dec 2018 07:00:46 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gXm8z-0008Iq-Ej for emacs-devel@gnu.org; Fri, 14 Dec 2018 07:00:42 -0500 Original-Received: from mail-wr1-x436.google.com ([2a00:1450:4864:20::436]:44607) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gXm8y-0008I5-59 for emacs-devel@gnu.org; Fri, 14 Dec 2018 07:00:36 -0500 Original-Received: by mail-wr1-x436.google.com with SMTP id z5so5164000wrt.11 for ; Fri, 14 Dec 2018 04:00:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=e/hz6/fUsldIylbUX3ZyFj9jyp2cNRi38NE9aCMuZ/M=; b=S7Wd+oWxsReufdFOraeBR+jkrbB66R8z5pKHVY3k1ySXPV7fuZnWiE3roeriYHijY2 sT0dSHKWeSmVul7rP4j2DBR/3GeVpNf+lsKg3GX+s+epVLV6M67IHHkEJ0eVNCQ7wcKn su6SnrZLbhZUraLy4Z8AKoNE2yMDI8OIIRLNXbiUrPW17/cF6y7zu6XaSQZn9eKhctCN s2irBLlREypNCJiTbJxm9zzmJpefNF5FAAuomzGJ/EuwSwTxOtCgT5Ir8wF3QnTkt79e RlxVj4ku+6dxOPToJVID0Yq8Ep/Y/Mr/RsYr6sYIO1IVGXtm9TUDL2g3mpZ3aaOWnBfe 4nhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=e/hz6/fUsldIylbUX3ZyFj9jyp2cNRi38NE9aCMuZ/M=; b=Rbl8p15EeMmcE+JILw3aH6PpJKos8ZdSWBdZ9gu/O6SQyj/qMOkBXeROxPgN7GYniJ JxEuHRbRRq6ljtAixMuWV0Bx2TGnsJ7DGNZc3hYZ4GxL6U9G2hhvhvKwlSEt7NnI0SR3 TwreUUPSS5AiD8ZvNveRKYsVXDG17+xpWhLujrbjE/nnlsLD76jItBmw57p2ooad9rlP FZd9v4hApqL4hG7lG+8AqHfMIb/qAz/rLJUlYNJ9lW9HpAY1wW0bcu/ez5qlO2jUcl8C bcwM3HsPLf5QCt52rpqbZmMcgGKdBzTPd0gH+aBcxwZdlaqQfleD2dmUBw/Q5TR/DT7w pjDg== X-Gm-Message-State: AA+aEWbllEfrG+19OmpcmWHH+II1qZoh+Rh1J1xaTYhiFswjpn62hmFO fNso7Zm46adhxuKPXPVEJpITTipX X-Google-Smtp-Source: AFSGD/VTrsGxEqeZt4Dp8n8BWbmx6DWj1+kkF5Vm5Pl8wkzNQn/Dq7Ek6LJ/r++5tXr7DVuH1ziGig== X-Received: by 2002:a5d:480d:: with SMTP id l13mr2531070wrq.175.1544788834352; Fri, 14 Dec 2018 04:00:34 -0800 (PST) Original-Received: from GONDOMAR.yourcompany.com (mail3.siscog.pt. [195.23.29.18]) by smtp.gmail.com with ESMTPSA id l20sm10937960wrb.93.2018.12.14.04.00.32 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 14 Dec 2018 04:00:33 -0800 (PST) In-Reply-To: (Stefan Monnier's message of "Tue, 11 Dec 2018 09:03:15 -0500") X-Antivirus: AVG (VPS 181213-2, 13-12-2018), Outbound message X-Antivirus-Status: Clean X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::436 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:231824 Archived-At: Stefan Monnier writes: >> Trust a file =3D loaded in the host Emacs - some known exceptions, right? > I think rather than "loaded in the host Emacs" it'll have to be "in > load-path", because Emacs is generally very liberal about automatically > loading files from load-path, so anything in load-path is > pretty much already trusted. > [ I think someone=99 should sit down and think hard about this in general > (not only in the context of flymake), because "in load-path" is not as > clearly defined as we might think, since we also sometimes load files > from subdirectories within load-path. > And hopefully, this someone should be well intentioned ;-) ] This is orthonogal to the question right? I think for the time being we can write some 'moderately-trusted-p (file)' function to hide that can of worms. >> So as soon as I load eglot.el, or eglot.elc in the host Emacs, it would >> start working? > Right, or even as soon as eglot is in your load-path. Hmmm, there appears to be a contradiction here, or maybe I'm missing something. Can you explain exactly what will happen if I C-u M-x byte-compile-file the eglot.el file? That's the way I normally load .el files: I usually don't put their directories in my load path unless they have complicated dependencies, or I plan on keeping them in my config. So, shouldn't we instead/also use 'features'? >> If so, I could live with that. Until it starts working it could issue >> some diagnostics saying "this macro is not known to be safe, so not >> checking". > Sounds OK, yes. Good to have this one nailed down. >> Now, how would you transmit this information about safe and unsafe >> macros to from the host Emacs to the slave byte-compiling Emacs which is >> a separate process? Via command-line parameters, an .el generated on >> the fly (we already do this for the flymake'd file, btw), or something >> else? > If we use "in load-path" as the main criterion, then I think this > question is a non-issue, right? We still have to hand the host's load-path/features value to the slave Emacs, right? >> At least, the way I understand your solution for the "safe/unsafe" macro >> problem it still doesn't seem to fix the fact that as soon as I type >> "(launch-nuke)" into some already loaded macro in eglot.el, nukes are >> potentially going to be launched by some unsuspecting macro-expansion >> down below. > Yup. That's the problem with the use of trust as a proxy for safety. Yup x 2. With Flymake and macro expansions it's like you trust someone to be reasonable, but then he turns into a nuke-lanching maniac just by joking about it. Better not have nukes handy by then. Jo=E3o