[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

package security auditing and isolation

From: Ted Zlatanov
Subject: package security auditing and isolation
Date: Thu, 06 Apr 2017 10:15:59 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

After watching some discussions among the MELPA maintainers, I wanted to
ask what Emacs itself can do to audit and isolate packages from
modifying the user's system. This is a concern for almost all Emacs
users because any ELPA repository, its sources, and its signing process
can be compromised for at least a short time. I think it's good to
assume this will happen sooner or later, and to proactively defend Emacs
users from it.

I propose two specific pieces of functionality, which I think are
essential to this task:

1) tools for analyzing the source code and finding the function calls
that can be dangerous. This includes eval, calling the shell, etc.

I don't know how feasible this is, but IMHO it would be valuable. At the
very least it could make code reviews easier by focusing on the
potentially problematic sections. I think Emacs' core is the right place
to add such code, not modules or add-on packages.

2) establishing isolation levels in the C core. Simply put, not all
packages need to be able to run shell commands, delete or modify files,
and so on. When the user installs or updates a package, if the needed
access levels change, that should be noted and acknowledged.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]