[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#70440: [PATCH] Use -P switch when calling 'python-interpreter'
From: |
Augusto Stoffel |
Subject: |
bug#70440: [PATCH] Use -P switch when calling 'python-interpreter' |
Date: |
Fri, 19 Apr 2024 17:21:48 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
On Fri, 19 Apr 2024 at 10:15, Eli Zaretskii wrote:
>> From: Augusto Stoffel <arstoffel@gmail.com>
>> Cc: Eli Zaretskii <eliz@gnu.org>, 70440@debbugs.gnu.org
>> Date: Fri, 19 Apr 2024 08:08:43 +0200
>>
>> On Fri, 19 Apr 2024 at 00:25, kobarity wrote:
>>
>> > The -P switch is new, introduced in CPython 3.11, so I don't think it
>> > can be added unconditionally. Furthermore, `python-interpreter' may
>> > not be CPython. Isn't it enough to customize
>> > `python-interpreter-args'?
>>
>> After sleeping on this, I recommend using -P anyway and simply failing
>> if the installed Python is too old.
>>
>> The reason is that this has a security implication, similar to the
>> recent Org mode Latex preview situation. Without -P the user is tacitly
>> trusting the contents of the current directory. By tricking an user
>> into downloading a malicious file with an intentional name clash (say
>> via git pull), arbitrary code could in principle be executed on the
>> user's machine.
>>
>> The -P switch completely removes this possibility, and conversely,
>> without -P there seems to be no reasonable way to make Python safe.
>>
>> I've attached a new patch that informs the user why the commands failed
>> when Python is too old, which is good enough in my opinion. Note also
>> that this change only affects the Python import management commands,
>> which is a very handy but by no means essential feature.
>
> Doing it this way would be an annoyance. Users could have
> less-than-the-latest Python (or non-CPython version) installed for any
> number of reasons, and it is not our business to annoy them because of
> this. Security of using Python is not our concern, it is the user's
> concern.
>
> So I'd prefer that the change probed the support for the -P switch
> when the relevant Emacs commands/functions are first invoked, and used
> that if -P is supported, without any annoying messages. Do you see
> any problems with such an approach?
>
> Thanks.
Okay, you are the maintainer, but I hope I explained well that this is a
security hole.
(Apart from the security aspect, without -P the tool will just
mysteriously stop working if a file with a name such as csv.py is added
to the project; that's what happened to me. Perhaps outright not
working and explaining why is not as bad as working fine until it
doesn't anymore.)
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Augusto Stoffel, 2024/04/17
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Augusto Stoffel, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Eli Zaretskii, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter',
Augusto Stoffel <=
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Eli Zaretskii, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Augusto Stoffel, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Eli Zaretskii, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Augusto Stoffel, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Eli Zaretskii, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Augusto Stoffel, 2024/04/19
- bug#70440: [PATCH] Use -P switch when calling 'python-interpreter', Eli Zaretskii, 2024/04/19