From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Stefan Kangas Newsgroups: gmane.emacs.bugs Subject: bug#75017: 31.0.50; Untrusted user lisp files Date: Sun, 22 Dec 2024 17:20:13 +0000 Message-ID: References: <87bjx43gp7.fsf@pub.pink> <86frmg6xzf.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="23084"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 75017@debbugs.gnu.org To: Eli Zaretskii , john muhl Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Dec 22 18:22:21 2024 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1tPPen-0005qq-Az for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 22 Dec 2024 18:22:21 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tPPeX-0006EW-3l; Sun, 22 Dec 2024 12:22:05 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tPPeU-0006Dy-9T for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 12:22:03 -0500 Original-Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1tPPeU-0001O7-1F for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 12:22:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=Date:MIME-Version:References:In-Reply-To:From:To:Subject; bh=OH2XsforQ2kS4OB798s1bUs3UtsHh4QdatlsHJsrpdo=; b=iBZMqIib7Ai5St3qd1iLz2+WvN3MFBJfirsM+cV+kWcyZZq3Rk3H223iibN+8+vcdEYsGF2BTkMY0QLxNxplolkuEo8FsoXWDLG7HsP/qiH/QoFFIvCX2UbjDN5+GF0H6NRSWdjHx8Hj348SC4pKiadw8V+S8bL/BAwFGPG9cie7NCVYYcEiwpJi5nnISxgbfyQqnor6iyrLv4F2b9JI+9oin7CdCpoWC5n/P1VKIxhVcB/DW64kKHD26MemdWaZA+FJGMmptblos6KuIWym1NkCRi/l3j1dmz0mo7WNJsuR7LrpCWxmBu5a5t9mRDgPszch8Sjpuk5GMB6RYfBH9g==; Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1tPPeT-0007XC-RE for bug-gnu-emacs@gnu.org; Sun, 22 Dec 2024 12:22:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Kangas Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 22 Dec 2024 17:22:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75017 X-GNU-PR-Package: emacs Original-Received: via spool by 75017-submit@debbugs.gnu.org id=B75017.173488808128883 (code B ref 75017); Sun, 22 Dec 2024 17:22:01 +0000 Original-Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 17:21:21 +0000 Original-Received: from localhost ([127.0.0.1]:51705 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tPPdp-0007Vm-CL for submit@debbugs.gnu.org; Sun, 22 Dec 2024 12:21:21 -0500 Original-Received: from mail-ed1-f47.google.com ([209.85.208.47]:58841) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1tPPdn-0007VR-NJ for 75017@debbugs.gnu.org; Sun, 22 Dec 2024 12:21:20 -0500 Original-Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-5cecbddb574so5513000a12.1 for <75017@debbugs.gnu.org>; Sun, 22 Dec 2024 09:21:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1734888014; x=1735492814; darn=debbugs.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:from:to:cc:subject:date :message-id:reply-to; bh=OH2XsforQ2kS4OB798s1bUs3UtsHh4QdatlsHJsrpdo=; b=BssiAu8x/sH+gQK2LjBp4b+514mQ9M5VRGjGy/pBJveDsNFhMuVUlh6DYKlBnj9OzK jyoh1Pu6b6wRhB9TJl49uZ2JJ0pgahl+iaVtxQkb1cP9zuARGsiFMBBKQv8yQuHsVgJn 97hWkH8itLMOWIwfUjwfmNQk+E0mtkzAszPsdTR5wwcYvXb8YavpP6Yb0b2ClUWeGcn4 LWvsV0HdleRsmYfKKvD+MZ5GSnJ6Fo3QVTDq4oygw6Q1ioPQlirTUoE9Hj4kaNhsKRVG NPPiXR0RuQtqTL+01CpNCLN08GZa3tgRUSPSKpXrmbesPHRvejESPl7O+JsqJTC/30Wi WQpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734888014; x=1735492814; h=content-transfer-encoding:cc:to:subject:message-id:date :mime-version:references:in-reply-to:from:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OH2XsforQ2kS4OB798s1bUs3UtsHh4QdatlsHJsrpdo=; b=DgzjSiic4ETzLwFUnhJ8VPFwSouZllqvjoVtF5jZ7bIHAia0b/Zyjn3lac4KZQWSFy JHGuIn/au6RU0qml4LJdtLQnaPvmx+jQ9RRsiHcqdD5pK7VS3FfMEHuadVUjVJGtalGR XPV6kM1nt/LmEq+UD4GTBi7Z5wumJ3kCLbiou0/q+2m+OCZf1VgEl8JHAtgTym8uOWiQ vEFWtu5TYPEkGNhxM01L9SoEoCIf8PtLzGdko4ZMQ0NlBko3WgYaimh2KVuC/IKAT+kK fjc7M69uo2EbcLpLWIFZQwFpeJ+wMmEKiPAV+5A7G/wC1mumIFlB4NWm3pt5PJjWnA2i wXZw== X-Gm-Message-State: AOJu0YzRbP/72nqQWo5L7RqOfFPADavcDl2oGxqDOmC5Fa7ooON8eCqE 9FjQ1H3CE0IIGKdTjEF9wbJjb6kLvRis4Tp3f1pK5Z+jy2iRfXBkwJTrPdqjmlChZYBSPByNw+J tMDHthCULhUonZHNaTjqJMkTmMpo= X-Gm-Gg: ASbGncvO56OD+xJBAtgqORztBULIL21Ws2M6mOv1tjALVgUMzEtC///965Epj160Nqw zqCzdLSFMpYQtdlsaNRw90d8YnpYg/E5QLtgbUV5h X-Google-Smtp-Source: AGHT+IHK5lYM1mwewbuSc8y7ugLEQt7qnFwZJlAEoEG2o19DdCSIbrlIQP6AjXNdSwlCcIuEzjWUbHffh3a1PAYHfik= X-Received: by 2002:a05:6402:2692:b0:5d0:cfdd:2ac1 with SMTP id 4fb4d7f45d1cf-5d81ddd67b2mr8090569a12.6.1734888013719; Sun, 22 Dec 2024 09:20:13 -0800 (PST) Original-Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Sun, 22 Dec 2024 17:20:13 +0000 In-Reply-To: <86frmg6xzf.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:297610 Archived-At: Eli Zaretskii writes: >> From: john muhl >> Date: Sat, 21 Dec 2024 14:48:52 -0600 >> >> user-init-file is trusted by default but not other user files. >> >> C-xf ~/.emacs.d/early-init.el >> M-x flymake-mode >> >> Produces a warning: >> >> Disabling elisp-flymake-byte-compile in early-init.el (untrusted conte= nt) >> >> custom-file (when not the same as user-init-file) also causes a >> warning. Should these also be trusted by default? > > No, not IMO. Please add those files you know you can trust to the > list of trusted files, and let's see if that works well for you. If, > after you have used that for some time, you have observations to > report or changes to suggest, please do, but let's please base such > observations on some sufficiently significant (read: long enough) > experience. > >> What about files put in place by a system admin or your distro=E2=80=99s >> Emacs package (e.g. site-run-file, default.el)? They generally >> require root priviledges to install so if they can=E2=80=99t be trusted >> you=E2=80=99re already in trouble. > > On my system, these files do not need any admin privileges, so I don't > think we should trust them by default. Users who know that these > files are modified only by trusted admins can and probably should add > them to the list of trusted files, if they need that (in general, > there should be no need to run Flymake in those files, in which case > these files don't need to be added even if they are trusted). I don't think it's meaningful to consider them as not `trusted-content-p`, when we automatically load these files into any running Emacs session. > Btw, if we are talking about trusted admins, then entire directories > should be trusted, for example /usr/share or /usr/share/emacs. Yes, though we'd have to discuss which directories those are; `load-path` and `source-directory` are two candidates. > There's a reason why we didn't do that by default. My understanding is that we just didn't consider all of these cases. At least I didn't. If others did, it wasn't sufficiently explicit for me to notice.