From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.help Subject: Re: CVE-2017-14482 - Red Hat Customer Portal Date: Fri, 29 Sep 2017 11:17:49 +0300 Message-ID: <833775apg2.fsf@gnu.org> References: <87vak8c5mq.fsf@robertthorpeconsulting.com> NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1506673127 29950 195.159.176.226 (29 Sep 2017 08:18:47 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 29 Sep 2017 08:18:47 +0000 (UTC) To: help-gnu-emacs@gnu.org Original-X-From: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Fri Sep 29 10:18:40 2017 Return-path: Envelope-to: geh-help-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dxqVI-000703-AL for geh-help-gnu-emacs@m.gmane.org; Fri, 29 Sep 2017 10:18:37 +0200 Original-Received: from localhost ([::1]:34112 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxqVP-0002l1-F7 for geh-help-gnu-emacs@m.gmane.org; Fri, 29 Sep 2017 04:18:43 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:43094) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxqUj-0002ki-GK for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 04:18:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dxqUf-0003Iq-HV for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 04:18:01 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57969) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dxqUf-0003Im-ET for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 04:17:57 -0400 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1050 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dxqUe-0001dP-R2 for help-gnu-emacs@gnu.org; Fri, 29 Sep 2017 04:17:57 -0400 In-reply-to: <87vak8c5mq.fsf@robertthorpeconsulting.com> (message from Robert Thorpe on Sun, 24 Sep 2017 19:29:17 +0100) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: help-gnu-emacs@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: Users list for the GNU Emacs text editor List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-gnu-emacs-bounces+geh-help-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "help-gnu-emacs" Xref: news.gmane.org gmane.emacs.help:114461 Archived-At: > From: Robert Thorpe > Cc: eliz@gnu.org, help-gnu-emacs@gnu.org > Date: Sun, 24 Sep 2017 19:29:17 +0100 > > >> A file whose source you don't trust or are unfamiliar with should > >> initially be examined with find-file-literally, if your security is > >> indeed important for you. That emulates what most other text editors > >> do when you open a file. > >> > >> > > That's an unrealistic requirement; nobody will ever do this. Emacs must > > make sure to never run untrusted code when visiting a file, unless the user > > explicitly asked for (via the enable-local-eval variable). > > I think it would be very useful if Emacs had a concept of trusted-zones. > > So, a person could declare their main local partition to be trusted. Or > they could declare it to be trusted except for the browser cache (for > example). I think we currently lack the infrastructure to support such functionality in Emacs. IMO we should welcome work on such infrastructure, if someone wants to step forward and lead the development in that direction.