[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
package security auditing and isolation
From: |
Ted Zlatanov |
Subject: |
package security auditing and isolation |
Date: |
Thu, 06 Apr 2017 10:15:59 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
After watching some discussions among the MELPA maintainers, I wanted to
ask what Emacs itself can do to audit and isolate packages from
modifying the user's system. This is a concern for almost all Emacs
users because any ELPA repository, its sources, and its signing process
can be compromised for at least a short time. I think it's good to
assume this will happen sooner or later, and to proactively defend Emacs
users from it.
I propose two specific pieces of functionality, which I think are
essential to this task:
1) tools for analyzing the source code and finding the function calls
that can be dangerous. This includes eval, calling the shell, etc.
I don't know how feasible this is, but IMHO it would be valuable. At the
very least it could make code reviews easier by focusing on the
potentially problematic sections. I think Emacs' core is the right place
to add such code, not modules or add-on packages.
2) establishing isolation levels in the C core. Simply put, not all
packages need to be able to run shell commands, delete or modify files,
and so on. When the user installs or updates a package, if the needed
access levels change, that should be noted and acknowledged.
Thanks
Ted
- package security auditing and isolation,
Ted Zlatanov <=
- Re: package security auditing and isolation, Stefan Monnier, 2017/04/06
- Re: package security auditing and isolation, Yuri Khan, 2017/04/06
- Re: package security auditing and isolation, Ted Zlatanov, 2017/04/06
- Re: package security auditing and isolation, Stefan Monnier, 2017/04/06
- Re: package security auditing and isolation, Ted Zlatanov, 2017/04/06
- Re: package security auditing and isolation, Stefan Monnier, 2017/04/06
- Re: package security auditing and isolation, Ted Zlatanov, 2017/04/06
- Re: package security auditing and isolation, Tim Cross, 2017/04/07
- Re: package security auditing and isolation, Clément Pit-Claudel, 2017/04/06