[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validati
From: |
Eric Abrahamsen |
Subject: |
bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter) |
Date: |
Fri, 29 Sep 2017 13:31:59 -0700 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.60 (gnu/linux) |
Noam Postavsky <npostavs@users.sourceforge.net> writes:
> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>
>> Essentially it is validating twice, both before and after the actual
>> objects are created. I don't have a very firm grasp of all the code
>> involved, but in principle I would prefer just to eval all object
>> construction forms regardless, and then let it blow up at "real"
>> validation time -- it was going to blow up anyway.
>
> Hmm, yeah, it does look the prevalidation is mostly redundant work. The
> docstring of eieio-persistent-convert-list-to-object mentions malicious
> code, perhaps the prevalidation should be with unsafep (i.e., don't try
> to typecheck anything, just make sure it's safe to eval). This would
> require that object constructors could be marked safe though.
That sounds like the right solution. I've never looked at
unsafep.el, and don't know exactly how it works, but in principle I
think object creation should be "safe". Of note:
1. Strings read from the persistence file are already stripped of
properties.
2. Slot values are simply validated by type. I don't think eval is
called anywhere, though I'd be happy to try to make sure of this.
3. Object creation could run malicious code *if* someone had overridden
`initialize-instance' or `shared-initialize', and injected random
hard-drive-destroying code. But I don't think this malicious code
could be included in a persistence file itself (that's worth looking
in to).
I don't know how close that gets us to "safe".
>> But again, my patch or something like it would be enough to get
>> everything working as advertised.
>
> Right. I think your patch is probably fine, though a few tests might a
> good idea too.
I might as well write tests that exercise the whole eieio-persistent
round-trip: create a few test objects, write them to a tmp file, and
read them back as objects.
Thanks,
Eric
- bug#28489: 27.0.50; eieio-persistent slot type validation should be a bit smarter, Eric Abrahamsen, 2017/09/17
- Message not available
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Eric Abrahamsen, 2017/09/26
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Noam Postavsky, 2017/09/26
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Eric Abrahamsen, 2017/09/27
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Noam Postavsky, 2017/09/27
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Eric Abrahamsen, 2017/09/28
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Noam Postavsky, 2017/09/28
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter),
Eric Abrahamsen <=
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Noam Postavsky, 2017/09/29
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Eric Abrahamsen, 2017/09/30
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Noam Postavsky, 2017/09/30
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter), Eric Abrahamsen, 2017/09/30