GNU bug report logs - #45198
28.0.50; Sandbox mode

Previous Next

Package: emacs;

Reported by: Stefan Monnier <monnier <at> iro.umontreal.ca>

Date: Sat, 12 Dec 2020 18:20:02 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

Full log

View this message in rfc822 format

From: João Távora <joaotavora <at> gmail.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: Bastien <bzg <at> gnu.org>, Philipp Stephani <p.stephani2 <at> gmail.com>, 45198 <at> debbugs.gnu.org
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sun, 13 Dec 2020 20:13:16 +0000

Stefan Monnier <monnier <at> iro.umontreal.ca> writes:

>> I don't think such an approach can work. It assumes perfect knowledge
>> about anything that might be problematic, and also assumes that all
>> future changes to Emacs take the sandbox question into account.
>> Especially the latter point seems unrealistic, and this looks like a
>> security incident waiting to happen.
>
> That's true for the implementation side.
> How 'bout the ELisp API side?

That's well pointed out.  Why can't we just put the gate in the default
expansion of the C DEFUN macro?  There are only so many DEFUN's.  Then
the whitelisting could proceed from there.  DEFUN's are rarely added,
and they would be forbidden in sandbox mode by default.

João
This bug report was last modified 3 years and 7 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.