From: Eric Abrahamsen <eric@ericabrahamsen.net>
To: 28489-done@debbugs.gnu.org
Subject: bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter)
Date: Sat, 14 Oct 2017 14:13:34 +0200 [thread overview]
Message-ID: <87zi8u0vwx.fsf@ericabrahamsen.net> (raw)
In-Reply-To: Eric Abrahamsen's message of "\(unknown date\)"
Eric Abrahamsen <eric@ericabrahamsen.net> writes:
> On 09/28/17 20:35 PM, Noam Postavsky wrote:
>> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>>
>>> Essentially it is validating twice, both before and after the actual
>>> objects are created. I don't have a very firm grasp of all the code
>>> involved, but in principle I would prefer just to eval all object
>>> construction forms regardless, and then let it blow up at "real"
>>> validation time -- it was going to blow up anyway.
>>
>> Hmm, yeah, it does look the prevalidation is mostly redundant work. The
>> docstring of eieio-persistent-convert-list-to-object mentions malicious
>> code, perhaps the prevalidation should be with unsafep (i.e., don't try
>> to typecheck anything, just make sure it's safe to eval). This would
>> require that object constructors could be marked safe though.
>
> I've never looked at `unsafep' and don't know what's involved in marking
> object constructors as safe, but that certainly sounds like the right
> solution.
>
> Object creation *ought to* be safe. First, properties are already
> stripped from strings. Second, the only way a creation of an object
> could have side effects is if someone overloaded `initialize-instance'
> or `shared-initialize' and inserted random hard-drive-destroying code
> there. But `eieio-persistent-read' can't do that by itself; it would
> have to be run in conjunction with a separate malicious library.
>
> Otherwise, object creation really just involves making objects,
> validating the data that
>
> Aga
>
>>> But again, my patch or something like it would be enough to get
>>> everything working as advertised.
>>
>> Right. I think your patch is probably fine, though a few tests might a
>> good idea too.
>
> Tests are an excellent idea. Why don't I fool with this patch a bit
> longer, write some tests, and commit the smallest change possible. Then
> open another bug report on the larger question of validation, and the
> possibility of marking object constructors as safe.
prev parent reply other threads:[~2017-10-14 12:13 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-18 0:43 bug#28489: 27.0.50; eieio-persistent slot type validation should be a bit smarter Eric Abrahamsen
[not found] ` <handler.28489.B.150569546424990.ack@debbugs.gnu.org>
2017-09-26 20:22 ` bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter) Eric Abrahamsen
2017-09-27 0:05 ` Noam Postavsky
2017-09-27 16:39 ` Eric Abrahamsen
2017-09-28 2:23 ` Noam Postavsky
2017-09-28 5:02 ` Eric Abrahamsen
2017-09-29 0:35 ` Noam Postavsky
2017-09-29 20:31 ` Eric Abrahamsen
2017-09-30 0:57 ` Noam Postavsky
2017-09-30 18:05 ` Eric Abrahamsen
2017-09-30 21:58 ` Noam Postavsky
2017-09-30 23:30 ` Eric Abrahamsen
2017-10-14 12:13 ` Eric Abrahamsen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87zi8u0vwx.fsf@ericabrahamsen.net \
--to=eric@ericabrahamsen.net \
--cc=28489-done@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.