From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Robert Pluim <rpluim@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: The netsec thread
Date: Mon, 29 Jul 2019 09:50:03 +0200
Message-ID: <m24l35nutw.fsf@gmail.com>
References: <m3fu0ef8gg.fsf@gnus.org> <m3601af5nx.fsf@gnus.org>
 <837elq13me.fsf@gnu.org> <m3pnzidqjd.fsf@gnus.org>
 <CAKDRQS491=e4uSJqip31y2RNBByHzH5Ou4nBno4FO8JNtAHB3w@mail.gmail.com>
 <83h8kqwukq.fsf@gnu.org> <m3d0vep1aj.fsf@gnus.org>
 <vz1tvoqw023.fsf@gmail.com>
 <CAKDRQS6wL98UuOjmQB4NgswrzMNn+oW2zfWEXR8pxsRP_z+VUw@mail.gmail.com>
 <vz1pnzevwkz.fsf@gmail.com> <m3wotm2bta.fsf@gnus.org>
 <vz1lga1x58e.fsf@gmail.com> <86zhyh7nli.fsf@gmail.com>
 <m3h8kpniry.fsf@gnus.org> <86pnzdrn8u.fsf@gmail.com>
 <vz1o9ewkfw1.fsf@gmail.com>
 <CAM-tV-_WgrdfkP0uHJ__D01CCNf-=Nw-Dr3p2sxUUqN6F+6PAg@mail.gmail.com>
 <CAKDRQS6fiJHEuXp5ws1BaEQaYOeqwanMpYjd77PXHV4izKTObQ@mail.gmail.com>
 <m3d0hu3twb.fsf@gnus.org> <834l36koak.fsf@gnu.org>
 <m3y30i2d0q.fsf@gnus.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="232530"; mail-complaints-to="usenet@blaine.gmane.org"
Cc: npostavs@gmail.com, Eli Zaretskii <eliz@gnu.org>, andrewjmoreton@gmail.com,
 wyuenho@gmail.com, emacs-devel@gnu.org
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jul 29 09:50:36 2019
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1hs0QW-000yKl-DU
	for ged-emacs-devel@m.gmane.org; Mon, 29 Jul 2019 09:50:36 +0200
Original-Received: from localhost ([::1]:50246 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.86_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1hs0QV-0006OF-BX
	for ged-emacs-devel@m.gmane.org; Mon, 29 Jul 2019 03:50:35 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:40120)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <rpluim@gmail.com>) id 1hs0Q9-0006La-4c
 for emacs-devel@gnu.org; Mon, 29 Jul 2019 03:50:14 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <rpluim@gmail.com>) id 1hs0Q8-00073T-6M
 for emacs-devel@gnu.org; Mon, 29 Jul 2019 03:50:13 -0400
Original-Received: from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f]:36343)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <rpluim@gmail.com>)
 id 1hs0Q8-0006x8-06; Mon, 29 Jul 2019 03:50:12 -0400
Original-Received: by mail-wr1-x42f.google.com with SMTP id n4so60740438wrs.3;
 Mon, 29 Jul 2019 00:50:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:references:mail-followup-to:mail-copies-to
 :gmane-reply-to-list:date:in-reply-to:message-id:mime-version
 :content-transfer-encoding;
 bh=VpN75EpJkGmM/dzClqUeB9fwReF6KQdP8oTdhnJZKqc=;
 b=AuF9nZHUXbIThIYesdoMCNWRp1cY4YUQ/VIHeOLoPzWeGdyrhw0iQB/Hr5Dh8hwvPC
 tSnG0FXAlzxLIc1KzvRVsDG9zITovfLWLLP2KO/AcumlxTbXZzbtM5qtxjdPB8rvGg5Z
 Eqf9Eg4/gAQc/Mms+9ZJuHGwa79LPwvFWKkLAEZ3sEhXcg1sVuf2x0zzXwKCIXvrkJyz
 nLrQaD2urZWQoctgt9Bq725Ikhu5OdX77NDyhNKi2jyXRCI+qpiX2sgjQXZgn605gm54
 dXsienrPqDQG3qNw5o5BPXWVnE/Y0EcmW1BvP6OhT07f6o6WeDYQMt/NnSJBvDLGCJHl
 2mhw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:mail-followup-to
 :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id
 :mime-version:content-transfer-encoding;
 bh=VpN75EpJkGmM/dzClqUeB9fwReF6KQdP8oTdhnJZKqc=;
 b=n8ForffM603qxgMtHNTtWCQG1Cwl8JameGBB3Yj/LeR2PTcV/Z0SbTp+QdGzw/RGar
 N7faBdYBav52v79XiMEo16tYnr54zRTeT49bDNOZi4xzEL8Ze2V6e/UI0+kualXV1Wwm
 oTARO1n+cfg43oUG6YHlA7dTnaTFGagWNOd5BjxOFLAU8ow/iEkgrOsgnGt0uDO5rUyQ
 szvJUtHwpmaesNzD4s7GgGtxA8YgSPVPU4995z6FaNqOHK9bLrqN0Let61dZdqXIFyDP
 +i8hlGb603L8cKoTPlA42eY4eIpJU9ck6f8GDv88EoQWtwc619oL6AjXOrSQE3SxLTZ2
 tWBA==
X-Gm-Message-State: APjAAAWpPEo3ddZOL434hrtvc03JLq2vRa0IFyvHt4QW0ARiHYX2Rhyc
 Ui+CUmgI8NRORquU9fZC75M=
X-Google-Smtp-Source: APXvYqz8I95YD5hxxGtepTgNuXjAHUsqduX7mN7TixC+HsoVv7J3jirHoVdOKwcxsO+Ix4KGDh4z3g==
X-Received: by 2002:a5d:6a52:: with SMTP id t18mr17070268wrw.178.1564386609248; 
 Mon, 29 Jul 2019 00:50:09 -0700 (PDT)
Original-Received: from rpluim-mac ([149.5.228.1])
 by smtp.gmail.com with ESMTPSA id p3sm49782549wmg.15.2019.07.29.00.50.07
 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256);
 Mon, 29 Jul 2019 00:50:07 -0700 (PDT)
Mail-Followup-To: emacs-devel@gnu.org
Mail-Copies-To: never
Gmane-Reply-To-List: yes
In-Reply-To: <m3y30i2d0q.fsf@gnus.org> (Lars Ingebrigtsen's message of "Sun,
 28 Jul 2019 21:08:05 +0200")
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2a00:1450:4864:20::42f
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:238986
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/238986>

>>>>> On Sun, 28 Jul 2019 21:08:05 +0200, Lars Ingebrigtsen <larsi@gnus.org=
> said:

    Lars> I've now done some testing of the netsec branch, and it basically=
 looks
    Lars> good to me.  It's a bit too detailed in the warnings it presents =
to the
    Lars> user -- the original idea was to keep the level of detail down so=
 that
    Lars> it won't scare away everyone but security professionals, and it's=
 now
    Lars> rather scary.

    Lars> I've only skimmed the patch set -- it's 2200 lines, but I've got =
one
    Lars> question to Robert: The patches that add `network-lookup-address-=
info'
    Lars> went into the netsec branch.  Was there any particular reason for=
 that?
    Lars> They seem rather unrelated.  (It does look like a useful addition,
    Lars> though.)

I seem to remember Jimmy wanted it so he could add further consistency
checks. He dropped off before he could explain exactly what those
were, and they're not necessary for his changes.

    Lars> So my plan here is to wait a few days to see whether there are any
    Lars> further comments, and then merge the branch into the trunk.  I wi=
ll then
    Lars> do some cosmetic touch-ups; mostly moving all new details display=
ed on
    Lars> the first warning screen to the "details" page.

I had some issues with nsm-trust-local-network as a concept and also
the IP addresses it checked. And 0.0.0.0/8 is now a valid range (on
very recent Linux kernels anyway), so that test needs adjusting.

Did I send a patch for that? I don=CA=BCt remember, and Monday morning
laziness is strong today.

    Lars> Sound OK to everybody?

Sure. Please leave network-security-level 'paranoid alone, though.

Robert