[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Access control in Emacs?
|
From: |
Robin Tarsiger |
|
Subject: |
Re: Access control in Emacs? |
|
Date: |
Wed, 15 Sep 2021 15:21:34 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.13.0 |
Stefan Monnier wrote:
>> I’m adding more powerful features to crdt.el including buffer local variable
>> synchronizations and arbitrary remote command/function call,
>
> Given the way Emacs is designed/structured this is a recipe for big
> gaping security holes. It can be OK to allow such things for *very*
> specific cases (a few specific well understood variables), but even such
> a "whitelist" is a problem because it requires careful and
> long term maintenance.
For the buffer-local variables specifically, we do already have
safe-local-variable-p which might cover a number of cases---and
that's already used for loading variables from untrusted files.
That said, that mechanism is still dangerous on an absolute scale
and has had security holes in the past (one of which I PoC'd and
reported myself decades ago, though I can't find it now).
Remote commands would be even more dangerously tricky to get right,
especially in the absence of ground-up infrastructure for it.
-RTT