bug#45198: 28.0.50; Sandbox mode
From: Eli Zaretskii
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 17 Apr 2021 21:15:40 +0300
> From: Stefan Monnier <monnier@iro.umontreal.ca>
> Cc: mattiase@acm.org, joaotavora@gmail.com, p.stephani2@gmail.com,
> stefan@marxist.se, 45198@debbugs.gnu.org, alan@idiocy.org
> Date: Sat, 17 Apr 2021 13:53:34 -0400
>
> >> My primary target is `elisp-flymake--batch-compile-for-flymake`.
> > What does that mean in practice? what does that "target" require?
>
> It needs to take untrusted ELisp code and run it (with no need for user
> interaction) in a way that doesn't introduce any security risk.

That's too general to allow any meaningful discussion, in particular
whether seccomp could be the basis for satisfying those requirements.

> Currently the code starts a new Emacs process in batch mode and lets it
> do whatever it wants, with all the security problems this entails.
>
> Normally, this untrusted ELisp code (the one present within
> `eval-when-compile` and macros defined within the file) limits itself to
> quite simple sexp manipulation, so the sandboxing can be quite
> restrictive, disallowing things like user interaction, uses of
> subprocesses, or writing to files.

How is this different from byte-compiling some code, e.g. one
downloaded from some elpa?