all messages for Emacs-related lists mirrored at yhetil.org
From: Eli Zaretskii <eliz@gnu.org>
To: Stefan Kangas <stefankangas@gmail.com>
Cc: jm@pub.pink, 75017@debbugs.gnu.org
Subject: bug#75017: 31.0.50; Untrusted user lisp files
Date: Sun, 22 Dec 2024 20:38:46 +0200
Message-ID: <86ldw75zrd.fsf@gnu.org>
In-Reply-To: <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@mail.gmail.com> (message from Stefan Kangas on Sun, 22 Dec 2024 17:20:13 +0000)

> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Sun, 22 Dec 2024 17:20:13 +0000
> Cc: 75017@debbugs.gnu.org
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > No, not IMO.  Please add those files you know you can trust to the
> > list of trusted files, and let's see if that works well for you.  If,
> > after you have used that for some time, you have observations to
> > report or changes to suggest, please do, but let's please base such
> > observations on some sufficiently significant (read: long enough)
> > experience.
> >
> >> What about files put in place by a system admin or your distro’s
> >> Emacs package (e.g. site-run-file, default.el)? They generally
> >> require root privileges to install so if they can’t be trusted
> >> you’re already in trouble.
> >
> > On my system, these files do not need any admin privileges, so I don't
> > think we should trust them by default.  Users who know that these
> > files are modified only by trusted admins can and probably should add
> > them to the list of trusted files, if they need that (in general,
> > there should be no need to run Flymake in those files, in which case
> > these files don't need to be added even if they are trusted).
> 
> I don't think it's meaningful to consider them as not
> `trusted-content-p`, when we automatically load these files into any
> running Emacs session.

No, we don't load anything.  It's the user who tells us whether to
load these files, by placing them in those locations and naming them
according to what Emacs looks for.  It's up to the user to tell us
whether everything in those files is trustworthy.

And let's not forget that various packages write to the init files, so
not everything there was written by the user.
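
The opt-in discussed in this message, as an added example that is not part of the original message or of Emacs: it adds the site-wide files to `trusted-content` only when the file and its directory are owned by uid 0 and not writable by group or others. It assumes a POSIX system and Emacs 30.1 or later; the `my/` function names are hypothetical.

```elisp
;;; Added example, not from the thread.  The my/ names are hypothetical.
;;; Assumes a POSIX system and Emacs 30.1 or later (`trusted-content').

(defun my/admin-only-p (path)
  "Non-nil if PATH is owned by uid 0 and not group- or world-writable."
  (let ((attrs (file-attributes path 'integer)))
    (and attrs
         (eql (file-attribute-user-id attrs) 0)
         (zerop (logand (file-modes path) #o022)))))

(defun my/trust-if-admin-only (file)
  "Add FILE to `trusted-content' if only root can change it.
Checks the file and its immediate directory, since a writable
directory lets another user replace the file.  Directories further
up the path are not checked.  Return the entry added, or nil."
  (let* ((true (file-truename file))
         (dir (file-name-directory true)))
    (when (and (boundp 'trusted-content)
               (listp trusted-content)      ; leave a value of `:all' alone
               (file-regular-p true)
               (my/admin-only-p true)
               (my/admin-only-p (directory-file-name dir)))
      ;; The `trusted-content' docstring asks for abbreviated file names.
      (let ((entry (abbreviate-file-name true)))
        (add-to-list 'trusted-content entry)
        entry))))

;; The two site-wide files named in the thread.  `site-run-file' is nil
;; when the site file is disabled, hence the `delq'.
(dolist (lib (delq nil (list site-run-file "default")))
  ;; Look for the source file, since that is what gets visited and checked.
  (let ((src (locate-library (concat lib ".el") t)))
    (if (and src (my/trust-if-admin-only src))
        (message "trusted: %s" src)
      (message "not trusted (missing, or changeable by non-root): %s" lib))))
```

On a system where these files need no admin privileges to modify, the check fails and nothing is added.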




