From: Stefan Monnier
Newsgroups: gmane.emacs.devel
Subject: Re: [Emacs-diffs] master f373e81 1/2: New lispref section “Security Considerations”
Date: Thu, 22 Oct 2015 00:15:13 -0400
To: emacs-devel@gnu.org
Cc: Paul Eggert
In-Reply-To: (Paul Eggert's message of "Thu, 22 Oct 2015 03:26:54 +0000")

> * doc/lispref/os.texi (Security Considerations):
> New node.

There's also the fact that various features like file-local variables mean that opening /some/file/some/where can be dangerous if that file or some parent directory is under the control of an attacker. We make some effort to protect against such holes, but the risk is very real: it only takes a single package setting safe-local-variable too optimistically (such as elpa/packages/ada-mode recently, IIRC).

        Stefan
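
The concern raised above can be checked in a running Emacs. This is an added example, not part of the original message or of Emacs itself: it lists variables whose `safe-local-variable` predicate accepts every probe value, which is only one heuristic for a declaration made "too optimistically". The `my-audit-*` names, the probe list and the two demo variables are assumptions made for illustration.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: audit `safe-local-variable' declarations in the running Emacs.
;; All `my-audit-*' names and the probe values are hypothetical.

(defconst my-audit-probes
  (list nil t 0 "text" 'a-symbol '(a list) [a vector] '(lambda () nil))
  "Constructed values of unrelated types.
A predicate that accepts every one of them is not checking anything.")

(defun my-audit-accepts-everything-p (pred)
  "Return non-nil if PRED returns non-nil for every value in `my-audit-probes'.
A predicate that signals an error on some probe counts as rejecting it."
  (and (functionp pred)
       (condition-case nil
           (catch 'rejected
             (dolist (v my-audit-probes t)
               (unless (funcall pred v) (throw 'rejected nil))))
         (error nil))))

(defun my-audit-safe-local-variables ()
  "Return a sorted alist of (SYMBOL . PREDICATE) entries.
Each entry is a variable whose `safe-local-variable' predicate accepts
every probe value, so any file-local setting of it is applied unasked."
  (let (found)
    (mapatoms
     (lambda (sym)
       (let ((pred (get sym 'safe-local-variable)))
         (when (and pred (my-audit-accepts-everything-p pred))
           (push (cons sym pred) found)))))
    (sort found (lambda (a b) (string< (car a) (car b))))))

;; Constructed demonstration: two hypothetical variables, one declared too loosely.
(defvar my-audit-demo-loose nil)
(defvar my-audit-demo-strict nil)
(put 'my-audit-demo-loose 'safe-local-variable (lambda (_) t))
(put 'my-audit-demo-strict 'safe-local-variable #'booleanp)

(let ((hits (mapcar #'car (my-audit-safe-local-variables))))
  (message "loose flagged: %s, strict flagged: %s"
           (and (memq 'my-audit-demo-loose hits) t)
           (and (memq 'my-audit-demo-strict hits) t)))
```

Entries the audit returns are candidates for review rather than confirmed bugs, and a predicate can still be too permissive while rejecting some types (for example a bare `stringp` on a variable that is later passed to a shell), which this probe does not detect.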