bug#45198: 28.0.50; Sandbox mode
From: João Távora
Subject: bug#45198: 28.0.50; Sandbox mode
Date: Sun, 13 Dec 2020 11:14:53 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>>> > You cannot usefully call error from redisplay.
>>> Hmm... but this is at the entrance to redisplay, so I thought it should
>>> still be safe at that point. If it's a problem we can replace the above
>>> with
>>> if (emacs_is_sandboxed)
>>> return;
>> Yes, I think this is what we should do in this case.
>
> With the change I just installed into `master`, I can now get
> `elisp-flymake-byte-compile` to use sandboxing successfully with the
> revised patch below.
Fantastic!
> Besides the above change, I made the same change in `Fdo_auto_save`
> (i.e. `do-auto-save` was made to just silently do nothing instead of
> signaling an error since it seemed to be too much trouble to change its
> callers to avoid calling it when sandboxed).
>
> I'm still worried that there remain wide open security holes, tho.
First, I wouldn't worry that terribly. This is certainly an
improvement. I won't be bitten again like that time I accidentally
typed (delete-directory ".") at macroexpand time.
That said, as you said the whitelisting approach is the safest one.
It'd be nice if we had a way to identify system calls and block all by
default. Then whitelist a bunch of calls (checking arguments). Not
sure if this can be done portably/systematically, though. Chroot also
comes to mind, but it's only for linux, right?
João
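The allow-list approach sketched in the message above (block every system call by default, then permit a handful and check their arguments) is what a Linux seccomp-BPF filter does, and it also bears on the portability question: seccomp is Linux-specific. The following is an added example written for this page; it is not code from the bug thread or from Emacs, it assumes Linux on x86_64, aarch64 or i386, and the names build_allowlist_filter, simulate, decide and install_filter are its own. simulate() interprets the three BPF opcodes the filter uses so the policy can be checked in a test without installing it; install_filter() applies it to the calling process.

```c
/* Added example, not code from this bug thread or from Emacs: a minimal Linux
 * seccomp-BPF allow-list: kill on foreign arch, allow listed syscalls, allow
 * write(2) only to fd 1 or 2 (argument check), kill everything else. */
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

#if defined(__x86_64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#elif defined(__i386__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_I386
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif
#ifndef SECCOMP_RET_KILL_PROCESS /* headers older than Linux 4.14 */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

#define MAX_INSNS 64
struct allowlist_filter { struct sock_filter insns[MAX_INSNS]; size_t len; };

static void emit(struct allowlist_filter *f, uint16_t code, uint8_t jt, uint8_t jf, uint32_t k) {
    if (f->len < MAX_INSNS) f->insns[f->len++] = (struct sock_filter){ code, jt, jf, k };
}
#define LD_ABS(f, off)    emit(f, BPF_LD | BPF_W | BPF_ABS, 0, 0, off)
#define JEQ(f, k, jt, jf) emit(f, BPF_JMP | BPF_JEQ | BPF_K, jt, jf, k)
#define RET(f, action)    emit(f, BPF_RET | BPF_K, 0, 0, action)

/* Build the policy for the syscall numbers in `allowed`; returns the
 * number of BPF instructions emitted. Jump offsets count from the
 * instruction after the jump. */
int build_allowlist_filter(struct allowlist_filter *f, const int *allowed, size_t n) {
    f->len = 0;
    LD_ABS(f, offsetof(struct seccomp_data, arch));
    JEQ(f, NATIVE_AUDIT_ARCH, 1, 0);
    RET(f, SECCOMP_RET_KILL_PROCESS);                  /* foreign arch: refuse */
    LD_ABS(f, offsetof(struct seccomp_data, nr));
    for (size_t i = 0; i < n; i++) {
        JEQ(f, (uint32_t)allowed[i], 0, 1);
        RET(f, SECCOMP_RET_ALLOW);
    }
    JEQ(f, __NR_write, 0, 5);                          /* not write(): skip the 5 below */
    LD_ABS(f, offsetof(struct seccomp_data, args[0])); /* fd, low 32 bits (little-endian) */
    JEQ(f, 1, 1, 0);
    JEQ(f, 2, 0, 1);
    RET(f, SECCOMP_RET_ALLOW);
    RET(f, SECCOMP_RET_KILL_PROCESS);                  /* write to any other fd */
    RET(f, SECCOMP_RET_KILL_PROCESS);                  /* default: deny */
    return (int)f->len;
}

/* Interpret the filter over one syscall record; unknown opcodes or running
 * off the end fail closed. Returns the SECCOMP_RET_* action. */
uint32_t simulate(const struct allowlist_filter *f, const struct seccomp_data *d) {
    const uint8_t *raw = (const uint8_t *)d;
    uint32_t acc = 0;
    for (size_t pc = 0; pc < f->len; pc++) {
        const struct sock_filter *in = &f->insns[pc];
        switch (in->code) {
        case BPF_LD | BPF_W | BPF_ABS: memcpy(&acc, raw + in->k, sizeof acc); break;
        case BPF_JMP | BPF_JEQ | BPF_K: pc += (acc == in->k) ? in->jt : in->jf; break;
        case BPF_RET | BPF_K: return in->k;
        default: return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Build the demo policy (exit, exit_group, fd-checked write) and report what it
 * would do for syscall `nr` with first argument `arg0`, without installing it. */
uint32_t decide(int nr, uint64_t arg0) {
    static const int allowed[] = { __NR_exit_group, __NR_exit };
    struct allowlist_filter f;
    struct seccomp_data d;
    build_allowlist_filter(&f, allowed, 2);
    memset(&d, 0, sizeof d);
    d.nr = nr; d.arch = NATIVE_AUDIT_ARCH; d.args[0] = arg0;
    return simulate(&f, &d);
}

/* Apply the filter to the calling process; this cannot be undone. 0 on success. */
int install_filter(const struct allowlist_filter *f) {
    struct sock_fprog prog = { .len = (unsigned short)f->len,
                               .filter = (struct sock_filter *)f->insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

int main(void) {
    static const int allowed[] = { __NR_exit_group, __NR_exit };
    static const char msg[] = "filter installed; any unlisted syscall now kills this process\n";
    struct allowlist_filter f;
    build_allowlist_filter(&f, allowed, 2);
    if (install_filter(&f) != 0) return 1;
    write(1, msg, sizeof msg - 1);   /* fd 1 passes the argument check */
    return 0;                        /* exit_group is on the list */
}
```

The fd check shows the "checking arguments" part of the idea: a filter can inspect syscall arguments in registers, but not memory they point to (a pathname, a buffer), so path-based policy needs a different mechanism. The default action is kill rather than an errno return, which is the fail-closed choice for a sandbox whose callers were not written to expect failures.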