GNU bug report logs - #45198
28.0.50; Sandbox mode


Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 12 Dec 2020 18:20:02 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: alan <at> idiocy.org, mattiase <at> acm.org, 45198 <at> debbugs.gnu.org, stefan <at> marxist.se, p.stephani2 <at> gmail.com, joaotavora <at> gmail.com
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 17 Apr 2021 13:53:34 -0400

>> My primary target is `elisp-flymake--batch-compile-for-flymake`.
> What does that mean in practice? what does that "target" require?

It needs to take untrusted ELisp code and run it (with no need for user
interaction) in a way that doesn't introduce any security risk.

Currently the code starts a new Emacs process in batch mode and lets it
do whatever it wants, with all the security problems this entails.

Normally, this untrusted ELisp code (the one present within
`eval-when-compile` and macros defined within the file) limits itself to
quite simple sexp manipulation, so the sandboxing can be quite
restrictive, disallowing things like user interaction, uses of
subprocesses, or writing to files.


        Stefan
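
The following is an added illustration, not part of the message above and not Emacs's own code: it byte-compiles a constructed sample file without loading it and records which of the file's forms executed inside the compiling process. All `sandbox-demo-*` names and the sample source are assumptions made up for this example.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration; every sandbox-demo-* name and the sample file
;; contents are constructed for this example.
(require 'bytecomp)

(defvar sandbox-demo-log nil
  "Symbols pushed by the sample file's code while it is being compiled.")

(defconst sandbox-demo-source
  ";;; -*- lexical-binding: t -*-
(eval-when-compile (push 'eval-when-compile sandbox-demo-log))
(defmacro sandbox-demo-m () (push 'macro-expansion sandbox-demo-log) nil)
(defun sandbox-demo-f () (sandbox-demo-m))
"
  "Constructed stand-in for an untrusted buffer handed to the byte compiler.")

(defun sandbox-demo-compile-only ()
  "Byte-compile the sample without loading it.
Return the distinct markers its code pushed, oldest first."
  (let* ((src (make-temp-file "sandbox-demo" nil ".el" sandbox-demo-source))
         (elc (concat src "c"))          ; default output name next to SRC
         (byte-compile-warnings nil)
         (byte-compile-verbose nil))
    (setq sandbox-demo-log nil)
    (unwind-protect
        (progn
          ;; No LOAD argument: the compiled file is written but never loaded.
          (byte-compile-file src)
          (delete-dups (reverse sandbox-demo-log)))
      (delete-file src)
      (when (file-exists-p elc) (delete-file elc)))))

;; Nothing from the sample was loaded or called by us, yet the markers show
;; that its `eval-when-compile' body and its macro body ran in this process.
(message "ran during compilation: %S; sandbox-demo-f defined: %S"
         (sandbox-demo-compile-only)
         (fboundp 'sandbox-demo-f))
```

Run it with `emacs --batch -l` on a file containing the block. The markers it reports correspond to the two sources of untrusted code named in the message: `eval-when-compile` forms and macros defined within the file.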





This bug report was last modified 3 years and 7 days ago.
