From: Michelangelo Rodriguez <michelangelo.rodriguez@gmail.com>
To: emacs-devel@gnu.org
Subject: Re: trusted-content seems to have effect only with sources specified.
Date: Sat, 28 Dec 2024 20:12:27 +0100 [thread overview]
Message-ID: <m2o70vwrj8.fsf@gmail.com> (raw)
In-Reply-To: <jwvzfkfamze.fsf-monnier+emacs@gnu.org> (Stefan Monnier's message of "Sat, 28 Dec 2024 09:48:09 -0500")
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>>> I discovered the issue, i think.
>>> Incidentally the packages i refer in `trusted-content' are installed via
>>> `package-vc-install-from-checkout', that generates a symlink in the
>>> directory in which we install our packages.
>>> If i specify in `trusted-content' the symlink, it generates the error.
>>> So we should specify only real paths.
>>
>> I think it's a feature:
>
> It was done on purpose, yes:
>
> (defun trusted-content-p ()
> "Return non-nil if we trust the contents of the current buffer.
> Here, \"trust\" means that we are willing to run code found inside of it.
> See also `trusted-content'."
> ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
> ;; to try and avoid marking as trusted a file that's merely accessed
> ;; via a symlink that happens to be inside a trusted dir.
>
>> it will catch the case of a malicious symlink
>> that redirects your trusted file/directory to a different place.
>
> In his case, the symlink presumably can't be malicious since it's inside
> a trusted directory. But I didn't want this trust to be transitive:
> just because the symlink is non-malicious doesn't mean the target can't
> contain things we can't control. You may setup a perfectly valid symlink
> to an area where you download random crap.
Maybe this feature should be documented?
`package-vc-install-from-checkout' is an api built-in emacs, that creates
symbolic links.
If an user tries to trust this "kind" of package, and it remains
untrusted, her/him will switch to trust all the content.
We should indicate that we have to use the true file name.
Regards,
next prev parent reply other threads:[~2024-12-28 19:12 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-27 7:04 trusted-content seems to have effect only with sources specified Michelangelo Rodriguez
2024-12-27 8:33 ` Eli Zaretskii
2024-12-27 9:24 ` Michelangelo Rodriguez
2024-12-27 9:39 ` Michelangelo Rodriguez
2024-12-27 12:31 ` Eli Zaretskii
2024-12-27 10:07 ` Michelangelo Rodriguez
2024-12-27 23:02 ` Michelangelo Rodriguez
2024-12-28 9:38 ` Eli Zaretskii
2024-12-28 14:48 ` Stefan Monnier
2024-12-28 19:12 ` Michelangelo Rodriguez [this message]
2024-12-28 19:26 ` Eli Zaretskii
2024-12-28 19:53 ` Michelangelo Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2o70vwrj8.fsf@gmail.com \
--to=michelangelo.rodriguez@gmail.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).