From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH v3] Add systemd socket launching support
Date: Fri, 01 Apr 2016 09:17:32 -0400
Message-ID: <jwvmvpd324t.fsf-monnier+emacs@gnu.org>
References: <874mbn7kmn.fsf@mattleach.net>
	<jwv60w26c70.fsf-monnier+gmane.emacs.devel@gnu.org>
	<871t6qkc3h.fsf@mattleach.net> <jwvfuv6pobm.fsf-monnier+emacs@gnu.org>
	<8337r6v930.fsf@gnu.org> <jwv4mbmplq6.fsf-monnier+emacs@gnu.org>
	<83y48ytpah.fsf@gnu.org> <jwvvb424a71.fsf-monnier+emacs@gnu.org>
	<83pou9u7md.fsf@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1459516683 13439 80.91.229.3 (1 Apr 2016 13:18:03 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 1 Apr 2016 13:18:03 +0000 (UTC)
Cc: matthew@mattleach.net, emacs-devel@gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Apr 01 15:17:54 2016
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1alyxV-0005Ua-Nv
	for ged-emacs-devel@m.gmane.org; Fri, 01 Apr 2016 15:17:53 +0200
Original-Received: from localhost ([::1]:44302 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1alyxV-0006Pf-2T
	for ged-emacs-devel@m.gmane.org; Fri, 01 Apr 2016 09:17:53 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55193)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <monnier@iro.umontreal.ca>) id 1alyxF-0006N4-T1
	for emacs-devel@gnu.org; Fri, 01 Apr 2016 09:17:38 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <monnier@iro.umontreal.ca>) id 1alyxF-000151-4i
	for emacs-devel@gnu.org; Fri, 01 Apr 2016 09:17:37 -0400
Original-Received: from ironport2-out.teksavvy.com ([206.248.154.181]:35074)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <monnier@iro.umontreal.ca>)
	id 1alyxB-000137-Bu; Fri, 01 Apr 2016 09:17:33 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0A2FgA731xV/0+KpUVcgxCEAoVVwwsEAgKBPDwRAQEBAQEBAYEKQQWDXQEBAwFWIwULCzQSFBgNJIg3CM8jAQEBAQYCAR+LOoUFB4QtBbM/gUUjYYEpHIFuIoJ4AQEB
X-IPAS-Result: A0A2FgA731xV/0+KpUVcgxCEAoVVwwsEAgKBPDwRAQEBAQEBAYEKQQWDXQEBAwFWIwULCzQSFBgNJIg3CM8jAQEBAQYCAR+LOoUFB4QtBbM/gUUjYYEpHIFuIoJ4AQEB
X-IronPort-AV: E=Sophos;i="5.13,465,1427774400"; d="scan'208";a="204416859"
Original-Received: from 69-165-138-79.dsl.teksavvy.com (HELO pastel.home)
	([69.165.138.79])
	by ironport2-out.teksavvy.com with ESMTP; 01 Apr 2016 09:17:32 -0400
Original-Received: by pastel.home (Postfix, from userid 20848)
	id BC6AD64043; Fri,  1 Apr 2016 09:17:32 -0400 (EDT)
In-Reply-To: <83pou9u7md.fsf@gnu.org> (Eli Zaretskii's message of "Fri, 01 Apr
	2016 10:10:34 +0300")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 206.248.154.181
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:202563
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/202563>

> I'm not sure myself, but I'm not a criminal, so don't ask me about the
> details.  I just know that exposing a handle through which someone can
> feed Emacs any commands they want is a bad idea.

Which part of my proposal exposes such a handle?  What do you mean by
"exposing"?  The only "exposing" happening is to provide a function that
extracts the FD number from our own process environment.  This function
would be implemented using libsystemd so as to avoid re-implementing it
in Elisp (and having to keep it up-to-date with systemd's way of
passing the FD info), but the actual FD data is already available to
Elisp as well as to any other process running on the same machine
(since the env is usually available via "ps" or "/proc/<pid>/environ").

I don't understand.

>> And I'm not sure how the latest patch would address it (you can
>> still cause Emacs to use an arbitrary FD by providing the
>> corresponding envvars).
> That'd require a more serious breach of the system's security.

No.  That only requires an Emacs compiled with systemd support.
That doesn't require systemd running.


        Stefan