From mboxrd@z Thu Jan 1 00:00:00 1970
From: Matthias Dahl
Newsgroups: gmane.emacs.devel
Subject: Re: security of the emacs package system, elpa, melpa and marmalade
Date: Mon, 30 Sep 2013 17:25:06 +0200
Message-ID: <524997D2.9080602@binary-island.eu>
In-Reply-To: <8738oq189y.fsf@uwakimon.sk.tsukuba.ac.jp>
To: "Stephen J. Turnbull"
Cc: Stefan Monnier, emacs-devel@gnu.org

Hello Stephen...

> Sure.  *Preventing* that is going to require doing something that is
> probably impossible for any program that isn't an operating system in
> control of the machine.

I am not saying a sandbox is the best solution. But imho, something
should be done... or would be nice to have. Even if it is a
community-based reputation system.

> > You wouldn't work as root on your system, would you?
>
> I do every day, to run emerge --update. ;-)

Ah, a fellow Gentoo user. ;) Running system updates as root is one
thing, working as root as a daily routine where those privileges are
just not required, is careless (for many reasons), to say the least.
And I guess that is not what you do. :)

> The interesting question is, "why should a plugin be denied the rights
> it needs when those go beyond reading the buffer it was invoked from?"

Who said it should get those privileges denied? If it was installed and
declared its required permissions, it will get those. Or am I missing
something obvious from your statement/question here?

> Sure.  But the chances are pretty good that I would.  Anyway, the
> definition of "absolutely need" is "I'm willing to bet that I or some
> other user would catch it even if the author doesn't."

So you check the source for the plugins you use with each new update?
Or how else would you notice malicious code? And if a plugin is driven
by a single author, chances are that something can go unnoticed for a
while if the target group of said plugin is not a very technical one...
and as I learned in this thread, there are many more Emacs users with a
non-technical background.

> There's another answer based on the details of your example.  I avoid
> doing development on exposed hosts.  In one sense that's unfair, but
> in another it goes to the heart of the matter.

Which shows, you care about security too and take preventive measures.
Unfortunately, not everybody can work that way for various reasons,
though.

So long,
Matthias

-- 
Dipl.-Inf. (FH) Matthias Dahl | Software Engineer | binary-island.eu
 services: custom software [desktop, mobile, web], server administration