GNU bug report logs - #45198
28.0.50; Sandbox mode

Previous Next

Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 12 Dec 2020 18:20:02 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: alan <at> idiocy.org, mattiase <at> acm.org, 45198 <at> debbugs.gnu.org, stefan <at> marxist.se, p.stephani2 <at> gmail.com, joaotavora <at> gmail.com
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sun, 18 Apr 2021 10:25:47 -0400

>> The whole point of the sandboxing exercise is so as to be able to have
>> flymake-mode in the hook without exposing yourself to
>> these vulnerabilities.
>
> So we are going to introduce all this non-trivial machinery into Emacs
> just to solve the Flymake use case?  Is that reasonable from the
> project management POV, in your eyes?

To the extent that this machinery will only be used by those rare places
that need it (e.g. flymake), yes, as long as the low-level interface
(e.g. the code that added the support for the `--seccomp` argument) is
simple enough.

BTW, in the context of GNU/Linux, an alternative to `--seccomp` is to
require the `bwrap` tool (that's what I use in the `elpa-admin.el`
scripts to run makefile rules from ELPA packages).


        Stefan
This bug report was last modified 3 years and 7 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.