[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#45198: 28.0.50; Sandbox mode
From: |
Stefan Monnier |
Subject: |
bug#45198: 28.0.50; Sandbox mode |
Date: |
Sat, 17 Apr 2021 16:26:25 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
>> The normal way to enable flymake is something like
>>
>> (add-hook 'emacs-lisp-mode #'flymake-mode)
>>
>> so the file gets compiled just because you're looking at it.
>> That's quite different from an explicit request from the user to compile
>> a file.
>
> It is? Sorry, I don't see the difference, not a significant one.
It make `C-x C-f` a tool to run arbitrary code (since the file may end
with something apparently harmless like `.txt` but may actually use
`emacs-lisp-mode`).
> If you are implying that one does something conscious and deliberate
> before byte-compiling a file,
Have you ever byte-compiled a random ELisp file sent to you from some
unknown email address without looking at it first?
Have you ever viewed with Emacs a file sent from some unknown
email address?
For me the answers are "no, never" and "yes, many times".
Enabling flymake mode as above currently blurs the difference between
those two cases in terms of risks.
> then one could also remove Flymake from the hook while at that.
The whole point of the sandboxing exercise is so as to be able to have
flymake-mode in the hook without exposing yourself to
these vulnerabilities.
Stefan
bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode,
Stefan Monnier <=
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/18
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/18