Re: dtrace

[Eli Zaretskii]

> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Cc: eller.helmut@gmail.com,  emacs-devel@gnu.org,  pipcet@protonmail.com
> Date: Thu, 16 Jan 2025 13:07:37 +0100
> 
> Eli Zaretskii <eliz@gnu.org> writes:
> 
> > If we don't want to grant root privileges to Emacs, how about doing
> > granting them to a separate sub-process, also running Emacs, perhaps
> > via the async package?
> 
> To be generally useful, a DTrace consumer feature would probably have to
> let a user a D script plus some Lisp. The D script is required by
> libdtrace and specified the probe(s) to listen to, at a minimum. That's
> safe because D is safe. AFAIU, libdtrace then calls a user-supplied
> "chew" function when it has probe data. That would be some C function in
> Emacs. In that chew function, one would have to call Lisp to do
> something with the probes. So we'd execute arbitrary Lisp as root.
> 
> I'm feeling very uncomfortable with that idea. Imagine someone
> distributes a package doing The Really Useful Thing using Emacs+DTrace,
> the installs it, enters his root password... 

OK, then how about this idea: write a simple wrapper for libdtrace
that just outputs the data to a file.  Then the file could be
processed by a regular Emacs session, which will need no privileges.
Does that make sense?