From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Adam Plaice <plaiceadam@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#37656: 27.0.50; Arbitrary code execution with special `mode:'
Date: Wed, 16 Oct 2019 23:02:29 +0200
Message-ID: <CAJw81dYKcEYG3eT4BT_XtzFA4KFjvBiPLZJM4rLEMXO7J1xXvg@mail.gmail.com>
References: <CAJw81dZZmX=z-YFDwvEkuWR6xH+cf=mR9h-fcZTphwdXWrA5wg@mail.gmail.com>
 <CADwFkmnqfbsEEWkWMA2xnN1O+-JsTcCKrSYv0e3g1+jXrxRY5g@mail.gmail.com>
 <CADwFkm=U1zfUsD4jTPj44mNvQX-h2gVrvXCkvjM5V7brhS71_Q@mail.gmail.com>
 <CADwFkmk+03=J8YUy51xzBxSK2+u0DuMLq3Ur63Wr_YWv6e=C=g@mail.gmail.com>
 <838splf7g1.fsf@gnu.org>
 <CAJw81dYvV2vA9Rmq-1psqO+D5cHBX9JO55j6ww=zft+d-EWE=A@mail.gmail.com>
 <83d0ewehxf.fsf@gnu.org> <16f494c4-be3a-09d7-1c56-d58647059c44@orcon.net.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="239513"; mail-complaints-to="usenet@blaine.gmane.org"
Cc: Stefan Kangas <stefan@marxist.se>, 37656@debbugs.gnu.org
To: Phil Sainty <psainty@orcon.net.nz>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Oct 16 23:03:13 2019
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1iKqRr-0010AW-Is
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 16 Oct 2019 23:03:11 +0200
Original-Received: from localhost ([::1]:48142 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1iKqRq-0005d5-CR
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 16 Oct 2019 17:03:10 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:45228)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iKqRj-0005bU-6f
 for bug-gnu-emacs@gnu.org; Wed, 16 Oct 2019 17:03:04 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iKqRi-0000Q3-3u
 for bug-gnu-emacs@gnu.org; Wed, 16 Oct 2019 17:03:03 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:37858)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1iKqRi-0000Px-02
 for bug-gnu-emacs@gnu.org; Wed, 16 Oct 2019 17:03:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iKqRh-00038b-Pb
 for bug-gnu-emacs@gnu.org; Wed, 16 Oct 2019 17:03:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Adam Plaice <plaiceadam@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 16 Oct 2019 21:03:01 +0000
Resent-Message-ID: <handler.37656.B37656.157125977012042@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 37656
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: security
Original-Received: via spool by 37656-submit@debbugs.gnu.org id=B37656.157125977012042
 (code B ref 37656); Wed, 16 Oct 2019 21:03:01 +0000
Original-Received: (at 37656) by debbugs.gnu.org; 16 Oct 2019 21:02:50 +0000
Original-Received: from localhost ([127.0.0.1]:46679 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1iKqRV-000389-H6
 for submit@debbugs.gnu.org; Wed, 16 Oct 2019 17:02:50 -0400
Original-Received: from mail-lf1-f52.google.com ([209.85.167.52]:36420)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <plaiceadam@gmail.com>) id 1iKqRT-00037u-GE
 for 37656@debbugs.gnu.org; Wed, 16 Oct 2019 17:02:47 -0400
Original-Received: by mail-lf1-f52.google.com with SMTP id u16so89834lfq.3
 for <37656@debbugs.gnu.org>; Wed, 16 Oct 2019 14:02:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=hqDIGFuoMIF2ohjqUKG/VCwlJrCA/1jk5oOoxScr1zk=;
 b=B4uIl+KOS/s/tDCEvzd/erySv0MMG8FuyQtgk8dJLfP1qLcRV9F+EwLNMQ1UEpoeGF
 7w9plCf0e9jBPIbBMQKCmQiVwjaLaLguf5ecphc/wi0CIXIlwKQ4XY0ktyBr18TTgwRn
 Sn7CloTLM1iPsS3zusK+Cw9ZxG9h3jkAYnU/nJghL52dUFvGHBFDrPERnXHLcrP/ZqBR
 hzGdWqVDX3QWD9vjw+dEpfH2Pj+13gJiv9Rx+eqzOZIg3VLtc6RmjFjmU7qmaLgzRaa0
 yOFgC6eQ934Io7Y80DrcXYaJcjIfpYaNt841J7kTh8jai2n9Ii5fdEy3yvTwXDEbzVg9
 6UQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=hqDIGFuoMIF2ohjqUKG/VCwlJrCA/1jk5oOoxScr1zk=;
 b=Kx2TljJWFjkKCzIYqSWoFolGn7nqCghKEqBY4LV8AT8fIPXx7UdpdIun38wj98DIZC
 j2nElVtQXUYMQwF0ne27EybvY+gp/M4ICSxURidBeCaGoYlWVmCkWsE1TcNIMToh+GM9
 qZFtkI8WcfkjHJY/pomScpkkG1yfPfbHXoegAYGDd0bZwy3QL834gAmYEi4zTMz9YW0Q
 D5pAw6qGvFmM5pdk7rnbHp/ZCxnCEqHe/1QdvdFp2MnSKXBO47xNGr9ich3uuzFq3I/R
 KnE8ukBhFywmBAHfuWkyoQOqZEelvwyYtuq/D20oQoM0vsTIaDP7ddNDv3lZyCgvDJH/
 cOkw==
X-Gm-Message-State: APjAAAUWl/8VsAMASWhkBLLbuqp6H8sKnNiHSVFt8nZVs8f3jJFVVLUq
 WMHoIRTbqNetsU0agR0eulhcbeBdKWN40Pakx/E=
X-Google-Smtp-Source: APXvYqyoikr32eMOZeJDXKU7AsSTNv5PZas+j3Sim+DxcqR0Us1E71Smal54eRtyN5UWju6Fa43EJ0Fr7lqYW/AcDR4=
X-Received: by 2002:a19:855:: with SMTP id 82mr7127067lfi.44.1571259761359;
 Wed, 16 Oct 2019 14:02:41 -0700 (PDT)
In-Reply-To: <16f494c4-be3a-09d7-1c56-d58647059c44@orcon.net.nz>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 209.51.188.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:169501
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/169501>

> So the deprecated approach isn't actually a factor here.

FWIW bug#8613 included a discussion of adding an optional `:risky'
argument to define-minor-mode.  If RISKY were absent (or nil) then the
relevant minor mode function would have its `safe-local-eval-function'
property set to t.  (Why a `:risky' argument rather than a `:safe'
one, would have been preferable, is discussed in the bug.)  In the end,
this was not implemented, (and the alternative approach of treating
modes as a special case in `hack-one-local-variable-eval-safep', was
taken).  It was decided to not be needed yet, as the case of an
unsafe minor mode was considered hypothetical.

> I think it goes further than just flymake support for Elisp: flymake
> support for other major modes may also end up running arbitrary code
> (tho it will depend on the specifics).

The advantage of being able to mark minor modes as "risky" would be
that it might help solve the issue for all flymake backends and for
any third-party minor modes which are unsafe, with minimal changes
needed for such backends/modes.

Adam