From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Dmitry Gutov Newsgroups: gmane.emacs.bugs Subject: bug#75017: 31.0.50; Untrusted user lisp files Date: Sun, 22 Dec 2024 22:27:34 +0200 Message-ID: <36eb8d61-cf0c-4ac9-a679-252a46a874ee@gutov.dev> References: <87bjx43gp7.fsf@pub.pink> <86frmg6xzf.fsf@gnu.org> <86ldw75zrd.fsf@gnu.org> <9a4969f4-858e-4493-a69f-8ca9b2861917@gutov.dev> <868qs75uwp.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="1547"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mozilla Thunderbird Cc: jm@pub.pink, stefankangas@gmail.com, 75017@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 22 21:28:14 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tPSYg-0000Go-5G for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 22 Dec 2024 21:28:14 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tPSYW-0005PN-KU; Sun, 22 Dec 2024 15:28:04 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tPSYU-0005P9-HF for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 15:28:02 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tPSYU-0006u0-8p for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 15:28:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=In-Reply-To:From:References:MIME-Version:Date:To:Subject; bh=dApXVslb6cuiNDPNTVQy6LT4VGcdGNhquIz8BAcL6n4=; b=m6LEtTsShLrZyRX48oH34/mLN0mXEwqltLPdYEupqVwrt6bPaWOYr3zuI0bLw+3fnBvz4QpnFt7KzeBh8LhoCbzcF2H2eC1n5/wntUX8yfCSuXBGju9O8Godun2VsAdqlVejFNW8ehEA8Ydq5a51T7yc4CrFUGugFje2vR/t4DtiVjmsls2r0goBgj6pBTi3KyRKJq3mv4m6CP7TbO3fk9M5miaWHFL9/igg+WNVirtA5y71p2M9uey4NskRfg3LuG8XS6dfZRnvOjbOscs9yFnoJMv4+mk9rEKeR7/pJ8kaIOpzxIezOwOqo4W+kn69eKAmXk9DEsDjYv460Su8Iw==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tPSYU-00083N-3l for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 15:28:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Dmitry Gutov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 22 Dec 2024 20:28:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75017 X-GNU-PR-Package: emacs Original-Received: via spool by 75017-submit@debbugs.gnu.org id=B75017.173489926530931 (code B ref 75017); Sun, 22 Dec 2024 20:28:02 +0000 Original-Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 20:27:45 +0000 Original-Received: from localhost ([127.0.0.1]:52096 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tPSYD-00082o-BH for submit@debbugs.gnu.org; Sun, 22 Dec 2024 15:27:45 -0500 Original-Received: from fhigh-a1-smtp.messagingengine.com ([103.168.172.152]:43445) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tPSYB-00082a-Tx for 75017@debbugs.gnu.org; Sun, 22 Dec 2024 15:27:44 -0500 Original-Received: from phl-compute-12.internal (phl-compute-12.phl.internal [10.202.2.52]) by mailfhigh.phl.internal (Postfix) with ESMTP id B4E081140136; Sun, 22 Dec 2024 15:27:38 -0500 (EST) Original-Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-12.internal (MEProxy); Sun, 22 Dec 2024 15:27:38 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gutov.dev; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1734899258; x=1734985658; bh=dApXVslb6cuiNDPNTVQy6LT4VGcdGNhquIz8BAcL6n4=; b= lfLfOpl7CdUH2UutGcTK1AHUb/oi8CHQFBhGKxD6UnRwaQ8RTWYLD6nljqeP/6Jx 7FdhPBPTQ566sMJDFjDn6AiY+uE6NyM+bLzbr2IHzArQaNEoXxZMR/yaUx4P5PwL vkNNJr/CLaiIq6IltEeQue10Jnbi2CYgihP3m27K0UN5pIKD85BUFRA49SNmu4G6 73GaPToHdq1KkrjaR8JE27rmRSg75jbxMyLtGEEgMi5kakV8TngbzJZzE+i9bctb hnMeOUFivs25IBPZ/zHIV7z/OBBq4//SkAWhoy5/RpKDF6Z/x8FrVE2RT5BMuXCk E28rsB7QviOvPju5E4fqMg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1734899258; x= 1734985658; bh=dApXVslb6cuiNDPNTVQy6LT4VGcdGNhquIz8BAcL6n4=; b=F MuWGdhZGxgsRtNB6r44z8AtWiJ9cWngaESDjxHZyoZWlCX05e5Erd5+qoOc7Tke/ Sop62Zf+qswRfQ+IJ+GNiJyOG9uySYdlbHZ9+zH+sqozO9nX2wIHJ5UcRmkXVxiH lMg+MQfR0NBK1S4uqau73B0UeAmULHctcnohLESK6GHj/3d6smNmAP6z6qNJjCfv S2nQJ5T5TkTwpRuTkoT4ms9vodp1USS8EMrdramtqHi/GPu0/9GVh+vgPmCO5ZzT jz7pk5kS3OIPwzJZkec1bxbi2klK5kixJFNGUoBLSHmjwV5Cqq3eOrkPO/8HG0A6 WfUKwqxftbsxlaC28OtPw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddtkedgudefiecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg hnthhsucdlqddutddtmdenucfjughrpefkffggfgfuvfevfhfhjggtgfesthejredttddv jeenucfhrhhomhepffhmihhtrhihucfiuhhtohhvuceoughmihhtrhihsehguhhtohhvrd guvghvqeenucggtffrrghtthgvrhhnpeetudeljeegheetgfehgeejkeeuhedvveeikeeu fedtvddtveefhfdvveegudejheenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmh epmhgrihhlfhhrohhmpegumhhithhrhiesghhuthhovhdruggvvhdpnhgspghrtghpthht ohepgedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepvghlihiisehgnhhurdhorh hgpdhrtghpthhtohepshhtvghfrghnkhgrnhhgrghssehgmhgrihhlrdgtohhmpdhrtghp thhtohepjhhmsehpuhgsrdhpihhnkhdprhgtphhtthhopeejhedtudejseguvggssghugh hsrdhgnhhurdhorhhg X-ME-Proxy: Feedback-ID: i07de48aa:Fastmail Original-Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 22 Dec 2024 15:27:37 -0500 (EST) Content-Language: en-US In-Reply-To: <868qs75uwp.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:297627 Archived-At: On 22/12/2024 22:23, Eli Zaretskii wrote: >> And Emacs will load whatever's written there on the next restart. >> Whether the user wrote to those files, or someone else. > Yes, and your point is..? That whatever malicious code we try to protect against using the "trusted content" mechanism would be executed anyway.