GNU bug report logs - #70440
[PATCH] Use -P switch when calling 'python-interpreter'

Previous Next

Package: emacs;

Reported by: Augusto Stoffel <arstoffel <at> gmail.com>

Date: Wed, 17 Apr 2024 18:24:04 UTC

Severity: normal

Tags: patch

Full log

Message #29 received at 70440 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Augusto Stoffel <arstoffel <at> gmail.com>
Cc: 70440 <at> debbugs.gnu.org, kobarity <at> gmail.com
Subject: Re: bug#70440: [PATCH] Use -P switch when calling 'python-interpreter'
Date: Fri, 19 Apr 2024 10:15:06 +0300

> From: Augusto Stoffel <arstoffel <at> gmail.com>
> Cc: Eli Zaretskii <eliz <at> gnu.org>,  70440 <at> debbugs.gnu.org
> Date: Fri, 19 Apr 2024 08:08:43 +0200
> 
> On Fri, 19 Apr 2024 at 00:25, kobarity wrote:
> 
> > The -P switch is new, introduced in CPython 3.11, so I don't think it
> > can be added unconditionally.  Furthermore, `python-interpreter' may
> > not be CPython.  Isn't it enough to customize
> > `python-interpreter-args'?
> 
> After sleeping on this, I recommend using -P anyway and simply failing
> if the installed Python is too old.
> 
> The reason is that this has a security implication, similar to the
> recent Org mode Latex preview situation.  Without -P the user is tacitly
> trusting the contents of the current directory.  By tricking an user
> into downloading a malicious file with an intentional name clash (say
> via git pull), arbitrary code could in principle be executed on the
> user's machine.
> 
> The -P switch completely removes this possibility, and conversely,
> without -P there seems to be no reasonable way to make Python safe.
> 
> I've attached a new patch that informs the user why the commands failed
> when Python is too old, which is good enough in my opinion.  Note also
> that this change only affects the Python import management commands,
> which is a very handy but by no means essential feature.

Doing it this way would be an annoyance.  Users could have
less-than-the-latest Python (or non-CPython version) installed for any
number of reasons, and it is not our business to annoy them because of
this.  Security of using Python is not our concern, it is the user's
concern.

So I'd prefer that the change probed the support for the -P switch
when the relevant Emacs commands/functions are first invoked, and used
that if -P is supported, without any annoying messages.  Do you see
any problems with such an approach?

Thanks.
This bug report was last modified 1 year and 59 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.