[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validati
|
From: |
Eric Abrahamsen |
|
Subject: |
bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter) |
|
Date: |
Sat, 14 Oct 2017 14:13:34 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.90 (gnu/linux) |
Eric Abrahamsen <eric@ericabrahamsen.net> writes:
> On 09/28/17 20:35 PM, Noam Postavsky wrote:
>> Eric Abrahamsen <eric@ericabrahamsen.net> writes:
>>
>>> Essentially it is validating twice, both before and after the actual
>>> objects are created. I don't have a very firm grasp of all the code
>>> involved, but in principle I would prefer just to eval all object
>>> construction forms regardless, and then let it blow up at "real"
>>> validation time -- it was going to blow up anyway.
>>
>> Hmm, yeah, it does look the prevalidation is mostly redundant work. The
>> docstring of eieio-persistent-convert-list-to-object mentions malicious
>> code, perhaps the prevalidation should be with unsafep (i.e., don't try
>> to typecheck anything, just make sure it's safe to eval). This would
>> require that object constructors could be marked safe though.
>
> I've never looked at `unsafep' and don't know what's involved in marking
> object constructors as safe, but that certainly sounds like the right
> solution.
>
> Object creation *ought to* be safe. First, properties are already
> stripped from strings. Second, the only way a creation of an object
> could have side effects is if someone overloaded `initialize-instance'
> or `shared-initialize' and inserted random hard-drive-destroying code
> there. But `eieio-persistent-read' can't do that by itself; it would
> have to be run in conjunction with a separate malicious library.
>
> Otherwise, object creation really just involves making objects,
> validating the data that
>
> Aga
>
>>> But again, my patch or something like it would be enough to get
>>> everything working as advertised.
>>
>> Right. I think your patch is probably fine, though a few tests might a
>> good idea too.
>
> Tests are an excellent idea. Why don't I fool with this patch a bit
> longer, write some tests, and commit the smallest change possible. Then
> open another bug report on the larger question of validation, and the
> possibility of marking object constructors as safe.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#28489: Acknowledgement (27.0.50; eieio-persistent slot type validation should be a bit smarter),
Eric Abrahamsen <=