From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Stephen J. Turnbull" Newsgroups: gmane.emacs.devel Subject: Re: Rant - Emacs mail is not user friendly Date: Tue, 18 Nov 2014 14:30:45 +0900 Message-ID: <87bno5ulbu.fsf@uwakimon.sk.tsukuba.ac.jp> References: <871tp4wut1.fsf@uwakimon.sk.tsukuba.ac.jp> <87mw7qvign.fsf@uwakimon.sk.tsukuba.ac.jp> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 X-Trace: ger.gmane.org 1416288690 4509 80.91.229.3 (18 Nov 2014 05:31:30 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 18 Nov 2014 05:31:30 +0000 (UTC) Cc: kelly@prtime.org, emacs-devel@gnu.org To: rms@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Nov 18 06:31:23 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XqbNp-000291-Cs for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 06:31:21 +0100 Original-Received: from localhost ([::1]:51384 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqbNo-0005ki-QA for ged-emacs-devel@m.gmane.org; Tue, 18 Nov 2014 00:31:20 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51200) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqbNe-0005ka-Ob for emacs-devel@gnu.org; Tue, 18 Nov 2014 00:31:18 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XqbNU-0002Bo-Ok for emacs-devel@gnu.org; Tue, 18 Nov 2014 00:31:10 -0500 Original-Received: from shako.sk.tsukuba.ac.jp ([130.158.97.161]:37952) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XqbNU-00028c-EX; Tue, 18 Nov 2014 00:31:00 -0500 Original-Received: from uwakimon.sk.tsukuba.ac.jp (uwakimon.sk.tsukuba.ac.jp [130.158.99.156]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by shako.sk.tsukuba.ac.jp (Postfix) with ESMTPS id 206881C39A1; Tue, 18 Nov 2014 14:30:46 +0900 (JST) Original-Received: by uwakimon.sk.tsukuba.ac.jp (Postfix, from userid 1000) id 0863B1A2844; Tue, 18 Nov 2014 14:30:45 +0900 (JST) In-Reply-To: X-Mailer: VM undefined under 21.5 (beta34) "kale" acf1c26e3019 XEmacs Lucid (x86_64-unknown-linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 130.158.97.161 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:177519 Archived-At: Richard Stallman writes: > > (I agree with you that Emacs that has an attack surface that > > amounts to the whole world, and practically, that securing it > > is too hard to think about succeeding, but that's not a popular > > view on this list. And it's just theory.) > > We have done substantial work to make Emacs secure against just > visiting a malicious file. Yes. But Emacs nowadays depends on a large number of external libraries, many of which are known to have had security flaws. (Specifically, being able to crash a program is considered a security flaw, because crashes usually involve trying to execute unexecutable data -- but if that data happened to be valid machine code, "anything" can happen). Emacs is also capable of handling almost any data known to man "out of the box", which makes it a perfect instrument for "social engineering". Emacs users regularly share Lisp code, for example, including with people who don't know Lisp. I've done it myself, though nothing nastier than a time bomb that pops up "Happy Birthday!" on the victim's birthday. I could have had it mail me the contents of .ssh (and I have a pretty good idea of the individual's preferences in passphrases, and they are obviously short). > Has a specific flaw or bug been found? Aside from the application/x-patch MIME type used by Gnus, I know of none. That one's mostly pedantic, as AFAIK noone proposes to do what is implied by the "application" MIME type, namely, automatically apply the patch. (There's no good reason for diffs sent by mail to be anything but a "text" MIME type.) > If so, what precisely? As above. I don't expect you to agree, nor am I perfectly consistent in following the implications of the analysis. But I don't install Emacsen on machines storing other people's data unless they are isolated from the Internet, and I don't install them on servers I care about (I use TRAMP instead).