GNU bug report logs - #45198
28.0.50; Sandbox mode

Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 12 Dec 2020 18:20:02 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

From: Mattias Engdegård <mattiase <at> acm.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>, Eli Zaretskii <eliz <at> gnu.org>, João Távora <joaotavora <at> gmail.com>, Bastien <bzg <at> gnu.org>
Cc: 45198 <at> debbugs.gnu.org
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sun, 13 Dec 2020 16:31:00 +0100

> I'm still worried that there remain wide open security holes, tho.

Yes, and we need defence in depth. In addition to the measures already taken in the patch:

1. Add crash_if_sandboxed() calls in low-level routines that do objectionable things such as opening files for writing, creating network connections, spawning processes, doing DNS lookups, etc.

2. Platform-specific restrictions. I'll add macOS sandboxing if nobody else does. For Linux there are several options, most a bit messy but possible to use: seccomp (with or without BPF), namespaces, ptrace, etc.
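
Added illustration, not part of the message above and not code from the Emacs patch: a minimal C sketch of the guard pattern in item 1, where a low-level routine aborts instead of returning an error once the process is sandboxed. Only the name crash_if_sandboxed() comes from the message; the flag, enter_sandbox(), guarded_open() and sandboxed_open_signal() are hypothetical, and /dev/null is a constructed test input.

```c
/* Added illustration; hypothetical names except crash_if_sandboxed(). */
#include <fcntl.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static bool sandboxed;                   /* one-way flag: no way to clear it */
void enter_sandbox(void) { sandboxed = true; }

/* Abort rather than return an error, so a forgotten error check in a
   caller cannot turn into a sandbox bypass. */
void crash_if_sandboxed(void) { if (sandboxed) abort(); }

/* Hypothetical low-level opener: read-only access stays allowed in the
   sandbox; anything that can write, create or truncate a file does not. */
int guarded_open(const char *path, int flags, mode_t mode)
{
    if ((flags & O_ACCMODE) != O_RDONLY || (flags & (O_CREAT | O_TRUNC)))
        crash_if_sandboxed();
    return open(path, flags, mode);
}

/* Call guarded_open() in a sandboxed child process. Returns the signal that
   killed the child, 0 if it exited normally, -1 if fork/wait failed. */
int sandboxed_open_signal(const char *path, int flags)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        enter_sandbox();
        int fd = guarded_open(path, flags, 0600);
        if (fd >= 0) close(fd);
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int r = sandboxed_open_signal("/dev/null", O_RDONLY);
    int w = sandboxed_open_signal("/dev/null", O_WRONLY);
    printf("read-only: %d, write: %d (SIGABRT is %d)\n", r, w, SIGABRT);
    return 0;
}
```

A check like this runs inside the process it protects, so it only catches code paths that go through the guarded routine; the platform-level restrictions in item 2 are what cover the paths that do not.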





This bug report was last modified 3 years and 7 days ago.