--- Begin Message ---
Subject: Don't consider play-sound-file to be a 'safe' function
Date: Thu, 15 Oct 2020 18:55:26 +0200
We should remove play-sound-file from the list of 'safe' functions in
unsafep.el.
The risks outweigh the benefits here; this is just basic security engineering.
The attack surface of play-sound-file is considerable.
--- End Message ---
--- Begin Message ---
Subject: Re: bug#44018: Don't consider play-sound-file to be a 'safe' function
Date: Mon, 26 Oct 2020 17:32:26 +0100
Mattias Engdegård <mattiase@acm.org> writes:
> Given Lars's approval and the lack of further objections, I'm removing
> play-sound-file from the list of safe functions in unsafep.el.
FWIW, I agree with this change. There have been many vulnerabilities
in this area, for example in the Linux kernel drivers. Who knows what
else is out there.
See, for example:
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=linux+audio&search_type=all
--- End Message ---