GNU bug report logs - #45198
28.0.50; Sandbox mode

Previous Next

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: alan <at> idiocy.org, mattiase <at> acm.org, 45198 <at> debbugs.gnu.org, stefan <at> marxist.se, p.stephani2 <at> gmail.com, joaotavora <at> gmail.com
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sat, 17 Apr 2021 16:26:25 -0400

>> The normal way to enable flymake is something like
>>
>>     (add-hook 'emacs-lisp-mode #'flymake-mode)
>>
>> so the file gets compiled just because you're looking at it.
>> That's quite different from an explicit request from the user to compile
>> a file.
>
> It is?  Sorry, I don't see the difference, not a significant one.

It make `C-x C-f` a tool to run arbitrary code (since the file may end
with something apparently harmless like `.txt` but may actually use
`emacs-lisp-mode`).

> If you are implying that one does something conscious and deliberate
> before byte-compiling a file,

Have you ever byte-compiled a random ELisp file sent to you from some
unknown email address without looking at it first?

Have you ever viewed with Emacs a file sent from some unknown
email address?

For me the answers are "no, never" and "yes, many times".
Enabling flymake mode as above currently blurs the difference between
those two cases in terms of risks.

> then one could also remove Flymake from the hook while at that.

The whole point of the sandboxing exercise is so as to be able to have
flymake-mode in the hook without exposing yourself to
these vulnerabilities.


        Stefan

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.