From: Stefan Monnier <monnier@IRO.UMontreal.CA>
To: Matthias Dahl <ml_emacs-lists@binary-island.eu>
Cc: emacs-devel@gnu.org
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Fri, 27 Sep 2013 11:47:49 -0400 [thread overview]
Message-ID: <jwvsiwqtgvf.fsf-monnier+emacs@gnu.org> (raw)
In-Reply-To: <5245938E.6040906@binary-island.eu> (Matthias Dahl's message of "Fri, 27 Sep 2013 16:17:50 +0200")
There are many different aspects in this discussion.
One is to try and come up with a technical way for Emacs's
implementation to try and prevent malicious code from harming the user
via some kind of sandboxing. While I do think we could hypothetically
come up with some kind of sandboxing that is sufficiently flexible to be
usable at least for some packages, I doubt we could make it really
effective against an attacker (i.e. I doubt we could plug all the
holes).
So such a sandboxing would mostly work as a "sanity check" which can
catch coding errors/oversights rather than malicious code.
Another way to look at the problem is to perform code review.
By default Emacs's packages.el only accesses GNU ELPA, where the code is
not extensively reviewed, but where some attempts to install malicious
code would get caught.
So you could argue that the problem is not ELPA in general but
"unsupervised" archives such as MELPA. Based on this, another approach
(one which should not require as much knowledge of Emacs subtleties as
the design and implementation of a sandboxing system) you could provide
a "safe MELPA alternative" where the changes are reviewed (to some
extent). Or maybe, just hack on MELPA directly to try and setup some
kind reviewing system.
Stefan
next prev parent reply other threads:[~2013-09-27 15:47 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-23 7:30 security of the emacs package system, elpa, melpa and marmalade Matthias Dahl
2013-09-23 14:17 ` Stefan Monnier
2013-09-25 8:11 ` Matthias Dahl
2013-09-25 17:00 ` Stefan Monnier
2013-09-25 18:31 ` Matthias Dahl
2013-09-25 22:42 ` Bastien
2013-09-26 9:02 ` Matthias Dahl
2013-09-27 14:02 ` Bastien
2013-09-27 14:17 ` Matthias Dahl
2013-09-27 14:19 ` Bastien
2013-09-27 18:29 ` Matthias Dahl
2013-09-26 1:09 ` Stefan Monnier
2013-09-26 9:02 ` Matthias Dahl
2013-09-26 9:21 ` Óscar Fuentes
2013-09-26 14:41 ` Stefan Monnier
2013-09-27 14:17 ` Matthias Dahl
2013-09-27 15:47 ` Stefan Monnier [this message]
2013-09-28 14:15 ` Richard Stallman
2013-09-30 15:12 ` Matthias Dahl
2013-09-30 21:11 ` Richard Stallman
2013-09-30 15:31 ` Matthias Dahl
2013-09-26 1:12 ` Stephen J. Turnbull
2013-09-26 9:02 ` Matthias Dahl
2013-09-27 7:10 ` Stephen J. Turnbull
2013-09-27 14:18 ` Matthias Dahl
2013-09-27 17:31 ` Stephen J. Turnbull
2013-09-30 15:25 ` Matthias Dahl
2013-10-01 2:19 ` Stephen J. Turnbull
2013-09-27 20:12 ` chad
2013-09-26 9:31 ` Andreas Röhler
2013-09-26 16:25 ` Richard Stallman
2013-09-27 14:18 ` Matthias Dahl
2013-09-27 15:04 ` Óscar Fuentes
2014-09-13 17:57 ` Thomas Koch
2013-09-29 10:12 ` Ted Zlatanov
2013-09-29 9:53 ` Ted Zlatanov
2013-09-29 17:49 ` Daiki Ueno
2013-09-29 18:18 ` Ted Zlatanov
2013-09-30 13:25 ` Ted Zlatanov
2013-09-30 14:50 ` Stephen J. Turnbull
2013-09-30 15:10 ` Matthias Dahl
2013-09-30 17:18 ` Ted Zlatanov
2013-10-01 14:03 ` Matthias Dahl
2013-10-02 2:45 ` Stephen J. Turnbull
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=jwvsiwqtgvf.fsf-monnier+emacs@gnu.org \
--to=monnier@iro.umontreal.ca \
--cc=emacs-devel@gnu.org \
--cc=ml_emacs-lists@binary-island.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).