From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Michelangelo Rodriguez <michelangelo.rodriguez@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: trusted-content seems to have effect only with sources specified.
Date: Sat, 28 Dec 2024 20:53:57 +0100
Message-ID: <m2jzbjwpm2.fsf@gmail.com>
References: <m2bjwx4nf2.fsf@gmail.com> <861pxty189.fsf@gnu.org>
 <m2y100k9up.fsf@gmail.com> <86ed1suoyt.fsf@gnu.org>
 <jwvzfkfamze.fsf-monnier+emacs@gnu.org> <m2o70vwrj8.fsf@gmail.com>
 <86zfkfr4m7.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="5994"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat Dec 28 20:54:26 2024
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1tRctG-0001SI-9e
	for ged-emacs-devel@m.gmane-mx.org; Sat, 28 Dec 2024 20:54:26 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1tRcsx-0000LV-Va; Sat, 28 Dec 2024 14:54:08 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <michelangelo.rodriguez@gmail.com>)
 id 1tRcst-0000LK-9z
 for emacs-devel@gnu.org; Sat, 28 Dec 2024 14:54:03 -0500
Original-Received: from mail-ej1-x62e.google.com ([2a00:1450:4864:20::62e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <michelangelo.rodriguez@gmail.com>)
 id 1tRcsr-000299-UZ
 for emacs-devel@gnu.org; Sat, 28 Dec 2024 14:54:03 -0500
Original-Received: by mail-ej1-x62e.google.com with SMTP id
 a640c23a62f3a-aa68b513abcso1550730266b.0
 for <emacs-devel@gnu.org>; Sat, 28 Dec 2024 11:54:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1735415639; x=1736020439; darn=gnu.org;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=bqNdh6o6v7GQ/MmN1DwHjAD4JDGqNcIbUMt0KrZF5Qg=;
 b=XMwPpdfOBZcc2gD3F9U6USmp6x2uk5jSo8nyu+15+o9sIzjzQy2gAVjbvknzBK6WTk
 u9PAnHMr3q1GiyGvkxVxyBNdbeXU+kNV4JX1usW42y2MyH+2krgJAasdJCbKp98ONk7w
 q33okz1M/yZ8EeQQ5lAqV6K29NMpUSRm/kAZ9Pe47msbvFf6ql2TV6w4vKtnSJ/hZsf8
 FVr1dAZoysFTh5+XMQQZTDcgkXYyKP/i+H2SMQT4Agec+5KZKwD5VqaQgBkQow7bTaTW
 QDMoc331LteH8tVNf1sDYlx5zn4bW+GeJXV0hyjtKLWPOP6vBzghVk95vG2bSbfY6M1Z
 5C3A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1735415639; x=1736020439;
 h=mime-version:user-agent:message-id:date:references:in-reply-to
 :subject:to:from:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=bqNdh6o6v7GQ/MmN1DwHjAD4JDGqNcIbUMt0KrZF5Qg=;
 b=EFRetcqlTKshnZWL2elgvmz4E2FX4zKemX6awNvV/NJIp27XNi+uJiIEurA+IQZYyi
 V/IqefMa7cp5NxnIhN4mffHsJ5fdIiK78OpLhugPyMQiuWXjqfupujYp4MifpmqJiabq
 jWfIG38hHVETK7tm7whkoZazy0Af2CGdPAcsStPdzfYRl9Md+l/SYBZegDpTLozPKnS2
 IG4Yz3vnF+AnGkmoQmB1W3xd8+3NmcnFXvodhDP8spE47JPznFb88qzm91EeQi8pl02b
 XYvUQu3I3RWst7Qw7EsF1HUd7OcwVixr9VAo6dWoDJtD6IJG5P+HPjNRCWnqnB0RT+o4
 bVZw==
X-Gm-Message-State: AOJu0YyMpSZZHqLffC2dIYYNnqjoTotEaWQIEqvcPIcGTPE9JVXx1ZEU
 65zC3AXrgw3grh35vtzEJ1K/MeyOCC10jPUXjoDwqdnFMb9FJWNjyykpWq4R
X-Gm-Gg: ASbGncte3zEjZLwYPrX0Noc8Si7+udV1Tk8LjGC5NkykCWVhBFackJDGohfOTQPzOGC
 6LVnky8OPottcnk+az2IwciQzAa4vFEVsfiXUUfwfBV7JLoCsdoHcesxTIgBGMNn9trBBkMXgAv
 Y1qg6Z/e//Sfqc5m6VYDCRXYeoZr/d8nwWeZadYMP2gNm6N7nTEAzLMsaFFr0J0fV9oxUVEI0Xc
 HlfOTsQPAaOYLokA6+r1AuuswHLy+QGcTPkWQoW10TXKKZYA+r0AQ0F0p0wNmgV8HboP0a7UW4M
 d9wMOu42f5ap
X-Google-Smtp-Source: AGHT+IE8tHz63XVaCDk6UiR1uawZufdgrGr0RX9hco20F6YVG3WjNe1Lonjs8CuRTdAhJxQJCrBkLQ==
X-Received: by 2002:a17:907:704:b0:aac:23db:af61 with SMTP id
 a640c23a62f3a-aac2874937fmr3055959366b.3.1735415639299; 
 Sat, 28 Dec 2024 11:53:59 -0800 (PST)
Original-Received: from mac-mikey.local ([37.161.82.233])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-aac0efe4941sm1288612966b.95.2024.12.28.11.53.58
 for <emacs-devel@gnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Sat, 28 Dec 2024 11:53:58 -0800 (PST)
In-Reply-To: <86zfkfr4m7.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 28 Dec
 2024 21:26:24 +0200")
Received-SPF: pass client-ip=2a00:1450:4864:20::62e;
 envelope-from=michelangelo.rodriguez@gmail.com; helo=mail-ej1-x62e.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:327297
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/327297>

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Michelangelo Rodriguez <michelangelo.rodriguez@gmail.com>
>> Date: Sat, 28 Dec 2024 20:12:27 +0100
>> 
>> Stefan Monnier <monnier@iro.umontreal.ca> writes:
>> 
>> > It was done on purpose, yes:
>> >
>> >     (defun trusted-content-p ()
>> >       "Return non-nil if we trust the contents of the current buffer.
>> >     Here, \"trust\" means that we are willing to run code found inside of it.
>> >     See also `trusted-content'."
>> >       ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
>> >       ;; to try and avoid marking as trusted a file that's merely accessed
>> >       ;; via a symlink that happens to be inside a trusted dir.
>> >
>> >> it will catch the case of a malicious symlink
>> >> that redirects your trusted file/directory to a different place.
>> >
>> > In his case, the symlink presumably can't be malicious since it's inside
>> > a trusted directory.  But I didn't want this trust to be transitive:
>> > just because the symlink is non-malicious doesn't mean the target can't
>> > contain things we can't control.  You may setup a perfectly valid symlink
>> > to an area where you download random crap.
>> Maybe this feature should be documented?
>> `package-vc-install-from-checkout' is an api built-in emacs, that creates
>> symbolic links.
>> If an user tries to trust this "kind" of package, and it remains
>> untrusted, her/him will switch to trust all the content.
>> We should indicate that we have to use the true file name.
>
> Isn't it obvious that trust should be given to actual files and
> directories, not links to them?
Yes, what is not obvious is to think that the problem is caused by
symbolic links