emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: package security auditing and isolation


From: Stefan Monnier
Subject: Re: package security auditing and isolation
Date: Thu, 06 Apr 2017 10:48:20 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)

> I propose two specific pieces of functionality, which I think are
> essential to this task:
>
> 1) tools for analyzing the source code and finding the function calls
> that can be dangerous. This includes eval, calling the shell, etc.
>
> I don't know how feasible this is, but IMHO it would be valuable. At the
> very least it could make code reviews easier by focusing on the
> potentially problematic sections. I think Emacs' core is the right place
> to add such code, not modules or add-on packages.

Are you thinking of this to protect against accidental problems, or to
protect against a malicious attacker?

It seems like it would be completely ineffective against a malicious
attacker (especially if such an tool auditing is "standardized"), but
I can't imagine it being very effective for the accidental case either.

> 2) establishing isolation levels in the C core.  Simply put, not all
> packages need to be able to run shell commands, delete or modify files,
> and so on.  When the user installs or updates a package, if the needed
> access levels change, that should be noted and acknowledged.

That could be done, but it's a major restructuring, which will probably
require major changes to be able to isolate packages from each other.


        Stefan




reply via email to

[Prev in Thread] Current Thread [Next in Thread]