bug#45198: 28.0.50; Sandbox mode

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#45198: 28.0.50; Sandbox mode

From:	Eli Zaretskii
Subject:	bug#45198: 28.0.50; Sandbox mode
Date:	Sat, 17 Apr 2021 21:15:40 +0300

> From: Stefan Monnier <monnier@iro.umontreal.ca>
> Cc: mattiase@acm.org,  joaotavora@gmail.com,  p.stephani2@gmail.com,
>   stefan@marxist.se,  45198@debbugs.gnu.org,  alan@idiocy.org
> Date: Sat, 17 Apr 2021 13:53:34 -0400
> 
> >> My primary target is `elisp-flymake--batch-compile-for-flymake`.
> > What does that mean in practice? what does that "target" require?
> 
> It needs to take untrusted ELisp code and run it (with no need for user
> interaction) in a way that doesn't introduce any security risk.

That's too general to allow any meaningful discussion, in particular
whether seccomp could be the basis for satisfying those requirements.

> Currently the code starts a new Emacs process in batch mode and lets it
> do whatever it wants, with all the security problems this entails.
> 
> Normally, this untrusted ELisp code (the one present within
> `eval-when-compile` and macros defined within the file) limits itself to
> quite simple sexp manipulation, so the sandboxing can be quite
> restrictive, disallowing things like user interaction, uses of
> subprocesses, or writing to files.

How is this different from byte-compiling some code, e.g. one
downloaded from some elpa?

[Prev in Thread]

Current Thread

[Next in Thread]

bug#45198: 28.0.50; Sandbox mode, (continued)

Prev by Date: bug#47588: 28.0.50; C-M-x in emacs-lisp-mode: elisp--eval-defun: Symbol’s function definition is void: nil [3 times]
Next by Date: bug#47828: seccomp test failures
Previous by thread: bug#45198: 28.0.50; Sandbox mode
Next by thread: bug#45198: 28.0.50; Sandbox mode
Index(es):
- Date
- Thread