[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#45198: 28.0.50; Sandbox mode
From: |
Stefan Monnier |
Subject: |
bug#45198: 28.0.50; Sandbox mode |
Date: |
Sat, 17 Apr 2021 13:53:34 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux) |
>> My primary target is `elisp-flymake--batch-compile-for-flymake`.
> What does that mean in practice? what does that "target" require?
It needs to take untrusted ELisp code and run it (with no need for user
interaction) in a way that doesn't introduce any security risk.
Currently the code starts a new Emacs process in batch mode and lets it
do whatever it wants, with all the security problems this entails.
Normally, this untrusted ELisp code (the one present within
`eval-when-compile` and macros defined within the file) limits itself to
quite simple sexp manipulation, so the sandboxing can be quite
restrictive, disallowing things like user interaction, uses of
subprocesses, or writing to files.
Stefan
- bug#45198: 28.0.50; Sandbox mode, (continued)
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Mattias EngdegÄrd, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Philipp Stephani, 2021/04/17
bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode,
Stefan Monnier <=
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/17
- bug#45198: 28.0.50; Sandbox mode, Eli Zaretskii, 2021/04/18
- bug#45198: 28.0.50; Sandbox mode, Stefan Monnier, 2021/04/18