GNU bug report logs - #45198
28.0.50; Sandbox mode


Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 12 Dec 2020 18:20:02 UTC

Severity: normal

Tags: patch

Found in version 28.0.50



Message #26 received at 45198 <at> debbugs.gnu.org (full text, mbox):

From: Philipp Stephani <p.stephani2 <at> gmail.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: Bastien <bzg <at> gnu.org>, 45198 <at> debbugs.gnu.org,
 João Távora <joaotavora <at> gmail.com>
Subject: Re: bug#45198: 28.0.50; Sandbox mode
Date: Sun, 13 Dec 2020 18:04:52 +0100

On Sat, 12 Dec 2020 at 20:40, Stefan Monnier
<monnier <at> iro.umontreal.ca> wrote:
>
> One thing I'm particularly eager to hear your opinion about is whether
> there might be more holes to plug (i.e. more places where we need to
> call `ensure_no_sandbox`).  Clearly, from a security perspective, this is
> the main drawback of this approach: it's based on a black list rather
> than on a whitelist.  Still, I have the impression that it should
> be manageable.

I don't think such an approach can work. It assumes perfect knowledge
about anything that might be problematic, and also assumes that all
future changes to Emacs take the sandbox question into account.
Especially the latter point seems unrealistic, and this looks like a
security incident waiting to happen.
Sandboxing is good, but it should happen using an allowlist and
established technology, such as firejail/bubblewrap/Google sandboxed
API/...
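
Added example, not part of this message or of the proposed Emacs patch: a toy primitive table in C showing the failure mode discussed above, where a primitive added later without the guard runs under a denylist but is refused by an allowlist dispatcher. All names are hypothetical, and `ensure_no_sandbox` here is only a stand-in for the guard named in the quoted text.

```c
/* Added illustration. Every name except ensure_no_sandbox is hypothetical,
   and ensure_no_sandbox here is a stand-in, not the patch's function. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static bool sandboxed = true;

/* Denylist guard: each risky primitive must remember to call it. */
static bool ensure_no_sandbox(void) { return !sandboxed; }

static int prim_concat(void)     { return 1; }   /* harmless */
static int prim_write_file(void) { return ensure_no_sandbox() ? 1 : -1; }
/* Added by a later change whose author forgot the guard. */
static int prim_make_process(void) { return 1; }

struct prim { const char *name; int (*fn)(void); bool sandbox_ok; };
static const struct prim prims[] = {
  { .name = "concat",       .fn = prim_concat, .sandbox_ok = true },
  { .name = "write-file",   .fn = prim_write_file },
  { .name = "make-process", .fn = prim_make_process }, /* flag omitted: false */
};

static const struct prim *lookup(const char *name) {
  for (size_t i = 0; i < sizeof prims / sizeof prims[0]; i++)
    if (strcmp(prims[i].name, name) == 0) return &prims[i];
  return NULL;
}

/* Denylist dispatch: runs anything, trusting each body to refuse. */
static int call_denylist(const char *name) {
  const struct prim *p = lookup(name);
  return p ? p->fn() : -1;
}

/* Allowlist dispatch: refuses unless the primitive was explicitly marked. */
static int call_allowlist(const char *name) {
  const struct prim *p = lookup(name);
  if (!p || (sandboxed && !p->sandbox_ok)) return -1;
  return p->fn();
}

int main(void) {
  const char *names[] = { "concat", "write-file", "make-process" };
  for (size_t i = 0; i < 3; i++)
    printf("%-12s denylist=%2d allowlist=%2d\n", names[i],
           call_denylist(names[i]), call_allowlist(names[i]));
  return 0;
}
```

A return of 1 means the primitive ran and -1 means it was refused; in the allowlist table an omitted `sandbox_ok` is zero-initialized to false, so a forgotten annotation fails closed.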




This bug report was last modified 3 years and 7 days ago.
