emacs-devel

Re: Emacs Arbitrary Code Execution and How to Avoid It


From: Eshel Yaron
Subject: Re: Emacs Arbitrary Code Execution and How to Avoid It
Date: Tue, 03 Dec 2024 21:25:50 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

Hi,

Gerd Möllmann <gerd.moellmann@gmail.com> writes:

> Christopher Howard <christopher@librehacker.com> writes:
>
>> Hi, I read the interesting write up here:
>>
>> https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html
>>
>> I wasn't terribly worried about this, as I don't *automatically*
>> activate Flymake or Flycheck. But the article did mention that "code
>> completion runs arbitrary code", and I was wondering more about that.
>> I do not currently use Completion Preview mode. I have used Company in
>> the past but company-mode is not currently activated. So, if I am just
>> viewing an elisp file, i.e., not typing anything in it, nor running
>> dabbrev commands, is there any danger?

Probably not, but this really depends on the specifics of your setup.
Namely, the "danger" comes from macro-expanding untrusted code, so if
you don't do anything that involves expanding macros, then you're fine.

Regarding completion in particular: ELisp mode adds a function
elisp-completion-at-point to completion-at-point-functions, so whatever
completion mechanism you use that runs completion-at-point-functions may
call elisp-completion-at-point.  Now, when elisp-completion-at-point
thinks that variable names are appropriate completion candidates at the
current position, it returns a completion table that, among other things,
expands macros when the completion mechanism queries it.  So it comes
down to whether or not you "trigger completion", and exactly where.
Again, which actions trigger completion and which don't depends on your
specific setup.

>> Should I set up Emacs to, by default, open all elisp files in View
>> Mode?

Not necessarily.  First, editing files that you control and/or trust
remains perfectly safe: no need for such measures in your own config,
for example.  Second, you can trigger macro-expansion (and therefore run
into risk in case of a malicious file) even if you do enable View mode:
for example, the elisp-def package sometimes expands macros when you use
it to jump to a symbol's definition.

>> Regarding dabbrev, I know dabbrev can search all buffers but I don't know if 
>> it does any macro expansion.

I don't think dabbrev expands macros.


Best,

Eshel
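
Added example, not part of the original message and not code from Emacs or from the author: one way to keep elisp-completion-at-point out of completion-at-point-functions in buffers visiting files outside directories you trust. The `my/` names and the choice of trusted directories are assumptions made for illustration.

```emacs-lisp
;; Hypothetical user option: directories whose ELisp files you control
;; and/or trust.  Adjust to your own setup.
(defvar my/elisp-trusted-directories
  (list user-emacs-directory)
  "Directories under which Emacs Lisp files are considered trusted.")

(defun my/elisp-buffer-trusted-p ()
  "Return non-nil if the current buffer's content is considered trusted.
Interactive buffers such as *scratch* are trusted (an assumption of
this example); any other buffer must visit a file that lies under one
of `my/elisp-trusted-directories'."
  (or (derived-mode-p 'lisp-interaction-mode)
      (and buffer-file-name
           (seq-some (lambda (dir)
                       ;; `file-in-directory-p' returns nil when DIR
                       ;; does not exist, so stale entries fail closed.
                       (file-in-directory-p buffer-file-name dir))
                     my/elisp-trusted-directories))))

(defun my/elisp-guard-untrusted ()
  "Disable macro-expanding completion in untrusted ELisp buffers."
  (unless (my/elisp-buffer-trusted-p)
    ;; ELisp mode adds `elisp-completion-at-point' to the buffer-local
    ;; value of the hook, so remove it from the local value only.
    (remove-hook 'completion-at-point-functions
                 #'elisp-completion-at-point t)
    (message "Untrusted ELisp buffer %s: elisp-completion-at-point disabled"
             (buffer-name))))

;; Mode hooks run after the mode body, so by this point ELisp mode has
;; already installed its completion function.
(add-hook 'emacs-lisp-mode-hook #'my/elisp-guard-untrusted)
```

This covers only the completion path described above; as the message notes, other commands (for example the elisp-def package) can still expand macros in the same buffer.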


