[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Please rename trusted-content to trusted-contents
From: |
Stefan Monnier |
Subject: |
Re: Please rename trusted-content to trusted-contents |
Date: |
Tue, 24 Dec 2024 00:14:38 -0500 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
The ensuing discussion makes me think the current identifiers are fine.
Stefan
Stefan Monnier [2024-12-21 23:48:45] wrote:
>>>> so if he is okay with that name, we are not in a bad place.
>>> I'm copying in Stefan Monnier, in case he has any comments.
>> Indeed, I hesitated between `trusted-content` and `trusted-contents` but
>> not long enough to learn which is right.
>
> OK, I tried to figure it out, but at least the info I found wasn't
> very definitive. It seems to have to do with whether it's countable or
> not, or whether it describe the "conceptual ideas" contained as opposed
> to the actual elements contained.
> I'm not sure which is more appropriate in this case and even less sure
> that one of the two is wrong.
>
> A related question is what to do with `untrusted-content` (which is the
> identifier with which I aligned mine). If we rename `trusted-content`,
> we should likely rename `untrusted-content` as well (and this one
> would require a backward compatibility alias).
>
>> I'll rename it ASAP, thanks Richard!
>
> Here's the patch I came up with via `grep` (without renaming
> `untrusted-content`).
>
>
> Stefan
>
>
> diff --git a/doc/emacs/misc.texi b/doc/emacs/misc.texi
> index 97a82747bfc..e0ce2233cfe 100644
> --- a/doc/emacs/misc.texi
> +++ b/doc/emacs/misc.texi
> @@ -298,9 +298,9 @@ Host Security
> Flymake, completion, and some other features, unless the visited file is
> @dfn{trusted}. It is up to you to specify which files on your system
> should be trusted, by customizing the user option
> -@code{trusted-content}.
> +@code{trusted-contents}.
>
> -@defopt trusted-content
> +@defopt trusted-contents
> The value of this option is @code{nil} by default, which means no file
> is trusted. You can customize the variable to be a list of one or more
> names of trusted files and directories. A file name that ends in a
> diff --git a/etc/NEWS b/etc/NEWS
> index 61cb66387bb..5ce4c3cd7f8 100644
> --- a/etc/NEWS
> +++ b/etc/NEWS
> @@ -200,7 +200,7 @@ see the variable 'url-request-extra-headers'.
> * Changes in Emacs 30.1
>
> +++
> -** New user option 'trusted-content' to allow potentially dangerous features.
> +** New user option 'trusted-contents' to allow potentially dangerous
> features.
> This variable lists those files and directories whose content Emacs should
> consider as sufficiently trusted to run any part of the code contained
> therein even without any explicit user request.
> @@ -1871,7 +1871,7 @@ In the past they included a terminating newline in most
> cases but not all.
> +++
> *** 'elisp-flymake-byte-compile' is disabled for untrusted files.
> For security reasons, this backend can be used only in those files
> -specified as trusted according to 'trusted-content' and emits an
> +specified as trusted according to 'trusted-contents' and emits an
> "untrusted content" warning otherwise.
> This fixes CVE-2024-53920.
>
> diff --git a/lisp/files.el b/lisp/files.el
> index 86eff296459..62905da1ee5 100644
> --- a/lisp/files.el
> +++ b/lisp/files.el
> @@ -714,7 +714,7 @@ untrusted-content
> This variable might be subject to change without notice.")
> (put 'untrusted-content 'permanent-local t)
>
> -(defcustom trusted-content nil
> +(defcustom trusted-contents nil
> "List of files and directories whose content we trust.
> Be extra careful here since trusting means that Emacs might execute the
> code contained within those files and directories without an explicit
> @@ -732,21 +732,21 @@ trusted-content
> :type '(choice (repeat :tag "List" file)
> (const :tag "Trust everything (DANGEROUS!)" :all))
> :version "30.1")
> -(put 'trusted-content 'risky-local-variable t)
> +(put 'trusted-contents 'risky-local-variable t)
>
> -(defun trusted-content-p ()
> +(defun trusted-contents-p ()
> "Return non-nil if we trust the contents of the current buffer.
> Here, \"trust\" means that we are willing to run code found inside of it.
> -See also `trusted-content'."
> +See also `trusted-contents'."
> ;; We compare with `buffer-file-truename' i.s.o `buffer-file-name'
> ;; to try and avoid marking as trusted a file that's merely accessed
> ;; via a symlink that happens to be inside a trusted dir.
> (and (not untrusted-content)
> (or
> - (eq trusted-content :all)
> + (eq trusted-contents :all)
> (and
> buffer-file-truename
> - (with-demoted-errors "trusted-content-p: %S"
> + (with-demoted-errors "trusted-contents-p: %S"
> (let ((exists (file-exists-p buffer-file-truename)))
> (or
> ;; We can't avoid trusting the user's init file.
> @@ -755,7 +755,7 @@ trusted-content-p
> (equal buffer-file-truename user-init-file))
> (let ((file (abbreviate-file-name buffer-file-truename))
> (trusted nil))
> - (dolist (tf trusted-content)
> + (dolist (tf trusted-contents)
> (when (or (if exists (file-equal-p tf file) (equal tf
> file))
> ;; We don't use `file-in-directory-p' here,
> because
> ;; we want to err on the conservative side:
> "guilty
> diff --git a/lisp/ielm.el b/lisp/ielm.el
> index 7511d4b02ae..da5ad992389 100644
> --- a/lisp/ielm.el
> +++ b/lisp/ielm.el
> @@ -580,7 +580,7 @@ inferior-emacs-lisp-mode
> ielm-fontify-input-enable
> (comint-fontify-input-mode))
>
> - (setq-local trusted-content :all)
> + (setq-local trusted-contents :all)
> (setq comint-prompt-regexp (concat "^" (regexp-quote ielm-prompt)))
> (setq-local paragraph-separate "\\'")
> (setq-local paragraph-start comint-prompt-regexp)
> diff --git a/lisp/progmodes/elisp-mode.el b/lisp/progmodes/elisp-mode.el
> index 17606352c4a..c48861712de 100644
> --- a/lisp/progmodes/elisp-mode.el
> +++ b/lisp/progmodes/elisp-mode.el
> @@ -451,7 +451,7 @@ elisp--local-macroenv
> (defvar elisp--macroexpand-untrusted-warning t)
>
> (defun elisp--safe-macroexpand-all (sexp)
> - (if (not (trusted-content-p))
> + (if (not (trusted-contents-p))
> ;; FIXME: We should try and do better here, either using a notion
> ;; of "safe" macros, or with `bwrap', or ...
> (progn
> @@ -1338,7 +1338,7 @@ lisp-interaction-mode
> \\{lisp-interaction-mode-map}"
> :abbrev-table nil
> (setq-local lexical-binding t)
> - (setq-local trusted-content :all))
> + (setq-local trusted-contents :all))
>
> ;;; Emacs Lisp Byte-Code mode
>
> @@ -2203,7 +2203,7 @@ elisp-flymake-byte-compile
> "A Flymake backend for elisp byte compilation.
> Spawn an Emacs process that byte-compiles a file representing the
> current buffer state and calls REPORT-FN when done."
> - (unless (trusted-content-p)
> + (unless (trusted-contents-p)
> ;; FIXME: Use `bwrap' and friends to compile untrusted content.
> ;; FIXME: We emit a message *and* signal an error, because by default
> ;; Flymake doesn't display the warning it puts into "*flmake log*".
> diff --git a/lisp/simple.el b/lisp/simple.el
> index 088678ba857..fd027ec1915 100644
> --- a/lisp/simple.el
> +++ b/lisp/simple.el
> @@ -2033,7 +2033,7 @@ read--expression
> (set-syntax-table emacs-lisp-mode-syntax-table)
> (add-hook 'completion-at-point-functions
> #'elisp-completion-at-point nil t)
> - (setq-local trusted-content :all)
> + (setq-local trusted-contents :all)
> (run-hooks 'eval-expression-minibuffer-setup-hook))
> (read-from-minibuffer prompt initial-contents
> read--expression-map t
- Re: Please rename trusted-content to trusted-contents, (continued)
- RE: [External] : Re: Please rename trusted-content to trusted-contents, Drew Adams, 2024/12/22
- Re: [External] : Re: Please rename trusted-content to trusted-contents, Björn Bidar, 2024/12/22
- Re: [External] : Re: Please rename trusted-content to trusted-contents, Richard Stallman, 2024/12/23
- Re: Please rename trusted-content to trusted-contents, Richard Stallman, 2024/12/22
- Re: Please rename trusted-content to trusted-contents, Björn Bidar, 2024/12/23
- Re: Please rename trusted-content to trusted-contents, Richard Stallman, 2024/12/24
- Re: Please rename trusted-content to trusted-contents,
Stefan Monnier <=
- Re: Please rename trusted-content to trusted-contents, Richard Stallman, 2024/12/22