From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#44018: Don't consider play-sound-file to be a 'safe' function Date: Fri, 16 Oct 2020 09:23:40 +0300 Message-ID: <83k0vqwuxf.fsf@gnu.org> References: <5A2CDAEA-03CF-4F92-AF9D-40421A9B362E@acm.org> <83zh4nwgbs.fsf@gnu.org> <87mu0mrapy.fsf@gnus.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="5083"; mail-complaints-to="usenet@ciao.gmane.io" Cc: mattiase@acm.org, 44018@debbugs.gnu.org To: Lars Ingebrigtsen Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Fri Oct 16 08:24:23 2020 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kTJA7-0001Ez-6h for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 16 Oct 2020 08:24:23 +0200 Original-Received: from localhost ([::1]:33484 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kTJA5-0004GB-NI for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 16 Oct 2020 02:24:21 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:51560) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kTJ9m-0004G3-DJ for bug-gnu-emacs@gnu.org; Fri, 16 Oct 2020 02:24:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:45817) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kTJ9m-0007CP-4j for bug-gnu-emacs@gnu.org; Fri, 16 Oct 2020 02:24:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kTJ9m-0004Hr-1X for bug-gnu-emacs@gnu.org; Fri, 16 Oct 2020 02:24:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 16 Oct 2020 06:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 44018 X-GNU-PR-Package: emacs Original-Received: via spool by 44018-submit@debbugs.gnu.org id=B44018.160282943216456 (code B ref 44018); Fri, 16 Oct 2020 06:24:02 +0000 Original-Received: (at 44018) by debbugs.gnu.org; 16 Oct 2020 06:23:52 +0000 Original-Received: from localhost ([127.0.0.1]:57363 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kTJ9b-0004HM-Ld for submit@debbugs.gnu.org; Fri, 16 Oct 2020 02:23:51 -0400 Original-Received: from eggs.gnu.org ([209.51.188.92]:44694) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kTJ9Z-0004H5-Ie for 44018@debbugs.gnu.org; Fri, 16 Oct 2020 02:23:49 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:41253) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kTJ9U-00076m-2R; Fri, 16 Oct 2020 02:23:44 -0400 Original-Received: from [176.228.60.248] (port=3219 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kTJ9T-0004ZA-Gu; Fri, 16 Oct 2020 02:23:43 -0400 In-Reply-To: <87mu0mrapy.fsf@gnus.org> (message from Lars Ingebrigtsen on Fri, 16 Oct 2020 07:39:05 +0200) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:190650 Archived-At: > From: Lars Ingebrigtsen > Cc: Mattias Engdegård , > 44018@debbugs.gnu.org > Date: Fri, 16 Oct 2020 07:39:05 +0200 > > Eli Zaretskii writes: > > > Are the risks the same on all the supported platforms, or just on > > some? > > My understanding of unsafep.el isn't that it's trying to protect against > any particular exploits, but just give a list of things that are totally > and utterly OK to eval. So you have stuff like: > > commit a8c41b4c0d3b0a3e87f17bbcdd8ac12dae296b3a > Author: Chong Yidong > AuthorDate: Mon Oct 18 13:28:20 2010 -0400 > > Don't allow functions that display messages in unsafep. > > So even `message' isn't "safe" in this context. I think it's odd to > have `play-sound-file' marked as "safe" if `message' isn't. Do you understand why 'message' was removed? I don't, and couldn't find any discussion on Emacs lists that discussed that; I may have missed something. I have no idea why 'message' could be unsafe. unsafep.el doesn't provide a high-level definition of what is considered "safe", unfortunately, and was evidently written for SES, so may have some bias due to that context. Still, it is not clear to me why 'message' was removed. I'm uneasy with doing things when the only argument is "why not?". Maybe I'm the odd one out, but I generally think we should have a lot of respect for those who wrote code for Emacs in the past, unless we have a clear reason to think it was in error of some kind. So I'm trying to get to the bottom of an issue when the proposal is clearly at odds with something we had for years.