eval and security

eval and security

[Andreas Röhler]

Hi,

remember a saying like "avoid calls like (eval 'my-symbol) in lisp-code" 
as related to security issues.

Is there some reading to learn more? Maybe I'm mistaking something?

Thanks,

Andreas

Re: eval and security

[tomas]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
> Hi,
> 
> remember a saying like "avoid calls like (eval 'my-symbol) in
> lisp-code" as related to security issues.
> 
> Is there some reading to learn more? Maybe I'm mistaking something?

Perhaps because a randomly downloaded package can redefine 'my-symbol
to be something evil?

In any case, if you indirect your code through user-overridable
stuff (e.g. hooks), the least you can do is to use a defvar
marking the thing as "risky": then Emacs will do its best to
avoid changing it when the user doesn't expect it.

There's a chapter "Security Considerations" in the Emacs Lisp
manual[1].

regards

[1] https://www.gnu.org/software/emacs/manual/html_node/elisp/Security-Considerations.html
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlgN/zcACgkQBcgs9XrR2kalLwCfYv6yRyRAECNQ9zCepzgdZJqb
9gMAn2nR87fNoh5nzMqF+bGVi6FncgXc
=QPBI
-----END PGP SIGNATURE-----

Re: eval and security

[Andreas Röhler]

On 24.10.2016 14:31, tomas@tuxteam.de wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
>> Hi,
>>
>> remember a saying like "avoid calls like (eval 'my-symbol) in
>> lisp-code" as related to security issues.
>>
>> Is there some reading to learn more? Maybe I'm mistaking something?
> Perhaps because a randomly downloaded package can redefine 'my-symbol
> to be something evil?

Yes, that would be the problem. However, the way Emacs works, any symbol 
might be replaced by such a package, right?

Re: eval and security

[Philipp Stephani]

<tomas@tuxteam.de> schrieb am Mo., 24. Okt. 2016 um 14:32 Uhr:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
> > Hi,
> >
> > remember a saying like "avoid calls like (eval 'my-symbol) in
> > lisp-code" as related to security issues.
> >
> > Is there some reading to learn more? Maybe I'm mistaking something?
>
> Perhaps because a randomly downloaded package can redefine 'my-symbol
> to be something evil?
>

Randomly downloaded packages can just say
(eval-when-compile (shell-command "rm -rf /"))
No need to override symbols to do something evil.

Re: eval and security

[Andreas Röhler]

On 24.10.2016 20:50, Philipp Stephani wrote:
> <tomas@tuxteam.de> schrieb am Mo., 24. Okt. 2016 um 14:32 Uhr:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Mon, Oct 24, 2016 at 02:20:44PM +0200, Andreas Röhler wrote:
>>> Hi,
>>>
>>> remember a saying like "avoid calls like (eval 'my-symbol) in
>>> lisp-code" as related to security issues.
>>>
>>> Is there some reading to learn more? Maybe I'm mistaking something?
>> Perhaps because a randomly downloaded package can redefine 'my-symbol
>> to be something evil?
>>
> Randomly downloaded packages can just say
> (eval-when-compile (shell-command "rm -rf /"))
> No need to override symbols to do something evil.

For the moment taking `symbol-value' as less powerful and sufficient at 
the use-cases - later calls to `looking-at' etc.