bug#32495: 26.1; Arbitrary code execution when completing inside untrust

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#32495: 26.1; Arbitrary code execution when completing inside untrust

From:	Stefan Monnier
Subject:	bug#32495: 26.1; Arbitrary code execution when completing inside untrusted elisp code
Date:	Thu, 23 Aug 2018 14:54:31 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

> 1. pass in an environment with all untrusted macros replaced with dummies:

Sounds like a good first step.

We could even start with a blacklist rather than a whitelist
(eval-when-compile, eval-and-compile, cl-eval-when, ...), so the point
would be to protect oneself from accidental problems rather than from
malign adversaries.

> 2. bind all eval-capable functions first (INCOMPLETE, there are other
> eval-capable functions, such as load):

Trying to plug each and every hole sounds like a losing game
(e.g. you can implement `eval` by building a `(lambda () ,exp) and then
causing it to be called one way or another).

Ideally, we'd have some way to confine Elisp code to a sandbox of some
sort (e.g. no access to any I/O and all changes to global vars are ignored).


        Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

bug#32495: 26.1; Arbitrary code execution when completing inside untrusted elisp code, Wilfred Hughes, 2018/08/21
- bug#32495: 26.1; Arbitrary code execution when completing inside untrusted elisp code, Stefan Monnier <=

Prev by Date: bug#32512: xref--read-identifier using etags backend should honor case-fold-search
Next by Date: bug#32516: 26.1; Reshape Arabic Characters in the Terminal
Previous by thread: bug#32495: 26.1; Arbitrary code execution when completing inside untrusted elisp code
Next by thread: bug#32496: 27.0.50; Strange indentation when ruby-align-chained-calls is t
Index(es):
- Date
- Thread