GNU bug report logs - #45198
28.0.50; Sandbox mode


Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 12 Dec 2020 18:20:02 UTC

Severity: normal

Tags: patch

Found in version 28.0.50



Message #245 received at 45198 <at> debbugs.gnu.org (full text, mbox):

From: Philipp Stephani <p.stephani2 <at> gmail.com>
To: Mattias Engdegård <mattiase <at> acm.org>
Cc: 45198 <at> debbugs.gnu.org, Stefan Kangas <stefankangas <at> gmail.com>,
 Alan Third <alan <at> idiocy.org>, Stefan Monnier <monnier <at> iro.umontreal.ca>,
 João Távora <joaotavora <at> gmail.com>
Subject: Re: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 17 Apr 2021 21:16:59 +0200

On Sat, 17 Apr 2021 at 19:22, Mattias Engdegård <mattiase <at> acm.org> wrote:
> > As we gain more experience with these sandboxing mechanisms, we can look at relaxing these restrictions, but I think initially we should be conservative.
>
> I take the opposite view, but our goals are the same and we will converge.

As long as they converge before releasing Emacs 28, fine. After that
it will be very difficult to restrict an initially-open interface.

> >> +Already open descriptors can be used freely. */)
> >
> > What does this mean?  Emacs doesn't really expose file descriptors to users.
>
> It sort of does (in the form of processes), but there could also be descriptors not directly exposed. It would be incomplete not to mention the possibility. It looks like the seccomp filter generator uses the same policy, treating descriptors as capabilities.

Yes, but since it's only a command-line flag right now, there
shouldn't be any open file descriptors except the standard ones, so
this specific bit of complexity is avoided.




This bug report was last modified 3 years and 7 days ago.
