From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: trusted-content seems to have effect only with sources specified. Date: Sat, 28 Dec 2024 21:26:24 +0200 Message-ID: <86zfkfr4m7.fsf@gnu.org> References: <861pxty189.fsf@gnu.org> <86ed1suoyt.fsf@gnu.org> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="36900"; mail-complaints-to="usenet@ciao.gmane.io" Cc: emacs-devel@gnu.org To: Michelangelo Rodriguez Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat Dec 28 20:27:27 2024 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tRcT9-0009S3-GR for ged-emacs-devel@m.gmane-mx.org; Sat, 28 Dec 2024 20:27:27 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tRcSF-0000kg-6N; Sat, 28 Dec 2024 14:26:32 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tRcSC-0000kK-JP for emacs-devel@gnu.org; Sat, 28 Dec 2024 14:26:28 -0500 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tRcSB-0003FM-Kz; Sat, 28 Dec 2024 14:26:28 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=ulVZistLrYUqdrzhstdVT/URxD6FvJr1dQHz/OS1UrM=; b=AH529LcFhPKE k8LZYI2AaCW/ATPr668MlSDYUZ4PCIuCFA+nCvI/Z9Eox59Psn90khKfwP3RZrsQNQK3+x7YRPtOB uOFwv33h+a+YYX/EqwrQ8El5xb005bKcwNBiPMO3d1tD6mbJxnzYrjzPW50hUAKJt/HZg5FaJx1Oj CARnssGf5toL3jhp1WKKrLpzvy+UvjRfwQyQdKxKF+Oo5KpNVR3unlptIFUH/XXnShSO6eeRhLERh ZwQrPuOj+pGGkaQCDP2luD1Z4fJceUIaO1KzThUb8+traahDyV2zrAzmhH5/iK2zuTHFDBrhLGCw1 WwHW+jOro5FjUYWX12QeeA==; In-Reply-To: (message from Michelangelo Rodriguez on Sat, 28 Dec 2024 20:12:27 +0100) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:327288 Archived-At: > From: Michelangelo Rodriguez > Date: Sat, 28 Dec 2024 20:12:27 +0100 > > Stefan Monnier writes: > > > It was done on purpose, yes: > > > > (defun trusted-content-p () > > "Return non-nil if we trust the contents of the current buffer. > > Here, \"trust\" means that we are willing to run code found inside of it. > > See also `trusted-content'." > > ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name' > > ;; to try and avoid marking as trusted a file that's merely accessed > > ;; via a symlink that happens to be inside a trusted dir. > > > >> it will catch the case of a malicious symlink > >> that redirects your trusted file/directory to a different place. > > > > In his case, the symlink presumably can't be malicious since it's inside > > a trusted directory. But I didn't want this trust to be transitive: > > just because the symlink is non-malicious doesn't mean the target can't > > contain things we can't control. You may setup a perfectly valid symlink > > to an area where you download random crap. > Maybe this feature should be documented? > `package-vc-install-from-checkout' is an api built-in emacs, that creates > symbolic links. > If an user tries to trust this "kind" of package, and it remains > untrusted, her/him will switch to trust all the content. > We should indicate that we have to use the true file name. Isn't it obvious that trust should be given to actual files and directories, not links to them?