From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: expressions Date: Wed, 08 Jan 2003 03:00:04 -0500 Sender: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Message-ID: References: <20030107115325.GA475@think.thunk.org> Reply-To: rms@gnu.org NNTP-Posting-Host: main.gmane.org X-Trace: main.gmane.org 1042014254 21343 80.91.224.249 (8 Jan 2003 08:24:14 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Wed, 8 Jan 2003 08:24:14 +0000 (UTC) Cc: halley@play-bow.org Return-path: Original-Received: from quimby.gnus.org ([80.91.224.244]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 18WBVU-0005Xy-00 for ; Wed, 08 Jan 2003 09:24:12 +0100 Original-Received: from monty-python.gnu.org ([199.232.76.173]) by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian)) id 18WBaQ-0001e6-00 for ; Wed, 08 Jan 2003 09:29:19 +0100 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18WBBO-0003F9-02 for emacs-devel@quimby.gnus.org; Wed, 08 Jan 2003 03:03:26 -0500 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18WBAv-00037m-00 for emacs-devel@gnu.org; Wed, 08 Jan 2003 03:02:57 -0500 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18WBA7-0002lY-00 for emacs-devel@gnu.org; Wed, 08 Jan 2003 03:02:38 -0500 Original-Received: from fencepost.gnu.org ([199.232.76.164]) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18WB89-0002Pk-00 for emacs-devel@gnu.org; Wed, 08 Jan 2003 03:00:05 -0500 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.10) id 18WB88-0004iV-00; Wed, 08 Jan 2003 03:00:04 -0500 Original-To: tytso@mit.edu In-reply-to: <20030107115325.GA475@think.thunk.org> (message from Theodore Ts'o on Tue, 7 Jan 2003 06:53:26 -0500) Original-cc: emacs-devel@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Emacs development discussions. List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , Errors-To: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:10571 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:10571 Although granted adding the ability to server.el to evaluate arbitrary LISP expression becomes a security disaster, even without that, users who have enable-local-variables set to t and who run server.el are in trouble --- since an attacker can ask emacs to open an arbitrary file created by the attacker, and the local variables in the file can contain arbitrary lisp expressions. That's true, but enable-local-variables is nil by default. So this change would really make the problem considerably more likely. (BTW, Note that one way of dealing with the temp cleaner problem would be to have the emacsserver binary periodically wake up every so often, and try touching the containing directory and socket. If they have disappeared, the binary could recreate them.) I thin the current code has the same problem--it makes no attempt to cope if you clean /tmp. I guess it would be nice to add this facility to try to cope. I was worried about whether clearing /tmp might fail to delete subdirs. ISTR there was such a problem in the past. Maybe not now. Another thought --- if we're willing to bag backwards compatibility altogether, a friend recently pointed me at the existence of another package, gnuserv/gnuclient, which does most of what I had wanted. I think there are problems getting papers for that. I don't remember the details, though. Maybe we could implement whatever security feature it has. How does that work?