GNU bug report logs - #75017
31.0.50; Untrusted user lisp files


Package: emacs; Reported by: john muhl <jm@HIDDEN>; dated Sat, 21 Dec 2024 20:50:02 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 75017 <at> debbugs.gnu.org:


From: Richard Stallman <rms@HIDDEN>
To: Sean Whitton <spwhitton@HIDDEN>
In-Reply-To: <87ed1tpobf.fsf@HIDDEN> (message from Sean
 Whitton on Fri, 27 Dec 2024 07:39:16 +0000)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
Date: Mon, 30 Dec 2024 23:43:33 -0500

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > >> For Debian we'll probably patch in so everything that we install on
  > >> the system is automatically trusted.

I wouldn't say that is "wrong", but it sounds overconfident.
It is useful to keep in mind that we do make mistakes,
so sometimes it is wise not to bet that we never made any.

-- 
Dr Richard Stallman (https://stallman.org)
Chief GNUisance of the GNU Project (https://gnu.org)
Founder, Free Software Foundation (https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)






Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


From: Björn Bidar <bjorn.bidar@HIDDEN>
To: Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
 text editors" <bug-gnu-emacs@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <jwvttanamdv.fsf-monnier+emacs@HIDDEN> (Stefan Monnier via's
 message of "Sat, 28 Dec 2024 09:57:24 -0500")
Date: Sun, 29 Dec 2024 21:14:44 +0200

Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
text editors" <bug-gnu-emacs@HIDDEN> writes:

>> For Debian we'll probably patch in so everything that we install on
>> the system is automatically trusted.
>
> Sounds fine, yes.

IMHO this probably applies to all distributions.

Is site-lisp not trusted by default when launching with
site-lisp/site-init enabled?




 (Exim 4.90_1) (envelope-from <bjorn.bidar@HIDDEN>)
 id 1tRyk8-0004F7-Qc
 for bug-gnu-emacs@HIDDEN; Sun, 29 Dec 2024 14:14:29 -0500
Received: from thaodan.de ([185.216.177.71])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bjorn.bidar@HIDDEN>)
 id 1tRyk7-0000ok-CR; Sun, 29 Dec 2024 14:14:28 -0500
Received: from odin (dsl-trebng12-50dc7b-49.dhcp.inet.fi [80.220.123.49])
 by thaodan.de (Postfix) with ESMTPSA id 9E5D4D00030;
 Sun, 29 Dec 2024 21:14:25 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=thaodan.de; s=mail;
 t=1735499666; bh=OBsbQDjLOU7y37gznVo3/UBJpsFL1slz5qTbwX+tMW0=;
 h=From:To:Cc:Subject:In-Reply-To:References:Date;
From: =?utf-8?Q?Bj=C3=B6rn?= Bidar <bjorn.bidar@HIDDEN>
To: Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
 text editors" <bug-gnu-emacs@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <jwvttanamdv.fsf-monnier+emacs@HIDDEN> (Stefan Monnier via's
 message of "Sat, 28 Dec 2024 09:57:24 -0500")
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN> <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
 <868qs75uwp.fsf@HIDDEN> <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN>
 <865xna60oj.fsf@HIDDEN> <4ff33026-e509-41d0-8d02-e67db644a797@HIDDEN>
 <87ed1tpobf.fsf@HIDDEN>
 <jwvttanamdv.fsf-monnier+emacs@HIDDEN>
Autocrypt: addr=bjorn.bidar@HIDDEN; prefer-encrypt=nopreference; keydata=
Date: Sun, 29 Dec 2024 21:14:25 +0200
Message-ID: <87ed1q2tf2.fsf@>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=185.216.177.71;
 envelope-from=bjorn.bidar@HIDDEN; helo=thaodan.de
X-Spam_score_int: -14
X-Spam_score: -1.5
X-Spam_bar: -
X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, INVALID_MSGID=0.568,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -0.2 (/)
X-Debbugs-Envelope-To: submit
Cc: 75017 <at> debbugs.gnu.org, jm@HIDDEN, Dmitry Gutov <dmitry@HIDDEN>,
 stefankangas@HIDDEN, Eli Zaretskii <eliz@HIDDEN>,
 Sean Whitton <spwhitton@HIDDEN>,
 Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.2 (-)

Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
text editors" <bug-gnu-emacs@HIDDEN> writes:

>> For Debian we'll probably patch in so everything that we install on
>> the system is automatically trusted.
>
> Sounds fine, yes.

IMHO this probably applies to all distributions.

Is site-lisp not trusted by default when launching with
site-lisp/site-init enabled?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 29 Dec 2024 19:13:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 29 14:13:55 2024
Received: from localhost ([127.0.0.1]:56202 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tRyjb-0008WV-8v
	for submit <at> debbugs.gnu.org; Sun, 29 Dec 2024 14:13:55 -0500
Received: from thaodan.de ([185.216.177.71]:42412)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bjorn.bidar@HIDDEN>) id 1tRyjZ-0008Vu-77
 for 75017 <at> debbugs.gnu.org; Sun, 29 Dec 2024 14:13:54 -0500
Received: from odin (dsl-trebng12-50dc7b-49.dhcp.inet.fi [80.220.123.49])
 by thaodan.de (Postfix) with ESMTPSA id 0634AD00090;
 Sun, 29 Dec 2024 21:13:46 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=thaodan.de; s=mail;
 t=1735499627; bh=OBsbQDjLOU7y37gznVo3/UBJpsFL1slz5qTbwX+tMW0=;
 h=From:To:Cc:Subject:In-Reply-To:References:Date;
From: =?utf-8?Q?Bj=C3=B6rn?= Bidar <bjorn.bidar@HIDDEN>
To: Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
 text editors" <bug-gnu-emacs@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <jwvttanamdv.fsf-monnier+emacs@HIDDEN> (Stefan Monnier via's
 message of "Sat, 28 Dec 2024 09:57:24 -0500")
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN> <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
 <868qs75uwp.fsf@HIDDEN> <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN>
 <865xna60oj.fsf@HIDDEN> <4ff33026-e509-41d0-8d02-e67db644a797@HIDDEN>
 <87ed1tpobf.fsf@HIDDEN>
 <jwvttanamdv.fsf-monnier+emacs@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
Autocrypt: addr=bjorn.bidar@HIDDEN; prefer-encrypt=nopreference; keydata=
Date: Sun, 29 Dec 2024 21:13:46 +0200
Message-ID: <87ldvy2tg5.fsf@>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 1.2 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army
 knife of text editors" <bug-gnu-emacs@HIDDEN> writes: >> For Debian we'll
 probably patch in so everything that we install on >> the system is
 automatically trusted. > > Sounds fine, yes. 
 Content analysis details:   (1.2 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
 The query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [185.216.177.71 listed in sa-accredit.habeas.com]
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
 query to Validity was blocked.  See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243
 for more information.
 [185.216.177.71 listed in bl.score.senderscore.com]
 1.2 INVALID_MSGID          Message-Id is not valid, according to RFC 2822
X-Debbugs-Envelope-To: 75017
Cc: 75017 <at> debbugs.gnu.org, jm@HIDDEN, Dmitry Gutov <dmitry@HIDDEN>,
 stefankangas@HIDDEN, Eli Zaretskii <eliz@HIDDEN>,
 Sean Whitton <spwhitton@HIDDEN>,
 Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.2 (/)

Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
text editors" <bug-gnu-emacs@HIDDEN> writes:

>> For Debian we'll probably patch in so everything that we install on
>> the system is automatically trusted.
>
> Sounds fine, yes.

IMHO this probably applies to all distributions.

Is site-lisp not trusted by default when launching with
site-lisp/site-init enabled?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 29 Dec 2024 19:13:54 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 29 14:13:53 2024
Received: from localhost ([127.0.0.1]:56196 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tRyjZ-0008W8-92
	for submit <at> debbugs.gnu.org; Sun, 29 Dec 2024 14:13:53 -0500
Received: from lists.gnu.org ([209.51.188.17]:38584)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bjorn.bidar@HIDDEN>) id 1tRyjP-0008Vm-NZ
 for submit <at> debbugs.gnu.org; Sun, 29 Dec 2024 14:13:51 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bjorn.bidar@HIDDEN>)
 id 1tRyjN-00046N-Lz
 for bug-gnu-emacs@HIDDEN; Sun, 29 Dec 2024 14:13:41 -0500
Received: from thaodan.de ([185.216.177.71])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bjorn.bidar@HIDDEN>)
 id 1tRyjL-0000lX-B5; Sun, 29 Dec 2024 14:13:41 -0500
Received: from odin (dsl-trebng12-50dc7b-49.dhcp.inet.fi [80.220.123.49])
 by thaodan.de (Postfix) with ESMTPSA id E4F80D00030;
 Sun, 29 Dec 2024 21:13:36 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=thaodan.de; s=mail;
 t=1735499617; bh=OBsbQDjLOU7y37gznVo3/UBJpsFL1slz5qTbwX+tMW0=;
 h=From:To:Cc:Subject:In-Reply-To:References:Date;
From: =?utf-8?Q?Bj=C3=B6rn?= Bidar <bjorn.bidar@HIDDEN>
To: Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
 text editors" <bug-gnu-emacs@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <jwvttanamdv.fsf-monnier+emacs@HIDDEN> (Stefan Monnier via's
 message of "Sat, 28 Dec 2024 09:57:24 -0500")
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN> <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
 <868qs75uwp.fsf@HIDDEN> <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN>
 <865xna60oj.fsf@HIDDEN> <4ff33026-e509-41d0-8d02-e67db644a797@HIDDEN>
 <87ed1tpobf.fsf@HIDDEN>
 <jwvttanamdv.fsf-monnier+emacs@HIDDEN>
Autocrypt: addr=bjorn.bidar@HIDDEN; prefer-encrypt=nopreference; keydata=
Date: Sun, 29 Dec 2024 21:13:36 +0200
Message-ID: <87msge2tgf.fsf@>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=185.216.177.71;
 envelope-from=bjorn.bidar@HIDDEN; helo=thaodan.de
X-Spam_score_int: -14
X-Spam_score: -1.5
X-Spam_bar: -
X-Spam_report: (-1.5 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, INVALID_MSGID=0.568,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -0.2 (/)
X-Debbugs-Envelope-To: submit
Cc: 75017 <at> debbugs.gnu.org, jm@HIDDEN, Dmitry Gutov <dmitry@HIDDEN>,
 stefankangas@HIDDEN, Eli Zaretskii <eliz@HIDDEN>,
 Sean Whitton <spwhitton@HIDDEN>,
 Stefan Monnier <monnier@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.2 (-)

Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
text editors" <bug-gnu-emacs@HIDDEN> writes:

>> For Debian we'll probably patch in so everything that we install on
>> the system is automatically trusted.
>
> Sounds fine, yes.

IMHO this probably applies to all distributions.

Is site-lisp not trusted by default when launching with
site-lisp/site-init enabled?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 28 Dec 2024 14:57:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Dec 28 09:57:35 2024
Received: from localhost ([127.0.0.1]:52260 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tRYFy-0001Jb-Vg
	for submit <at> debbugs.gnu.org; Sat, 28 Dec 2024 09:57:35 -0500
Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:25180)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <monnier@HIDDEN>) id 1tRYFw-0001JR-DU
 for 75017 <at> debbugs.gnu.org; Sat, 28 Dec 2024 09:57:33 -0500
Received: from pmg3.iro.umontreal.ca (localhost [127.0.0.1])
 by pmg3.iro.umontreal.ca (Proxmox) with ESMTP id 5045F44105C;
 Sat, 28 Dec 2024 09:57:26 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1735397845;
 bh=+iJLstp7nDn4Zrx45NsEYg+N4gHuFt2eigcElmZRntY=;
 h=From:To:Cc:Subject:In-Reply-To:References:Date:From;
Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg3.iro.umontreal.ca (Proxmox) with ESMTP id 67927441001;
 Sat, 28 Dec 2024 09:57:25 -0500 (EST)
Received: from pastel (104-195-225-43.cpe.teksavvy.com [104.195.225.43])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id 2642112056E;
 Sat, 28 Dec 2024 09:57:25 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Sean Whitton <spwhitton@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <87ed1tpobf.fsf@HIDDEN> (Sean Whitton's message
 of "Fri, 27 Dec 2024 07:39:16 +0000")
Message-ID: <jwvttanamdv.fsf-monnier+emacs@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN>
 <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
 <868qs75uwp.fsf@HIDDEN>
 <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN>
 <865xna60oj.fsf@HIDDEN>
 <4ff33026-e509-41d0-8d02-e67db644a797@HIDDEN>
 <87ed1tpobf.fsf@HIDDEN>
Date: Sat, 28 Dec 2024 09:57:24 -0500
Cc: Dmitry Gutov <dmitry@HIDDEN>, Eli Zaretskii <eliz@HIDDEN>, jm@HIDDEN,
 stefankangas@HIDDEN, 75017 <at> debbugs.gnu.org

> For Debian we'll probably patch in so everything that we install on
> the system is automatically trusted.

Sounds fine, yes.

> It seems natural to me to see this as the
> distributor's responsibility.

Agreed.  Anything that we know has been installed consciously by the
sysadmin should be trustworthy because we don't really get to choose not
to trust the sysadmin.


        Stefan





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Date: Sat, 28 Dec 2024 14:30:21 +0200
Message-Id: <86o70wrnvm.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Sean Whitton <spwhitton@HIDDEN>,
 Stefan Monnier <monnier@HIDDEN>
In-Reply-To: <871pxtp7rc.fsf@HIDDEN> (message from Sean
 Whitton on Fri, 27 Dec 2024 13:36:55 +0000)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
Cc: dmitry@HIDDEN, jm@HIDDEN, stefankangas@HIDDEN,
 75017 <at> debbugs.gnu.org

> From: Sean Whitton <spwhitton@HIDDEN>
> Cc: dmitry@HIDDEN,  jm@HIDDEN,  stefankangas@HIDDEN,
>   75017 <at> debbugs.gnu.org
> Date: Fri, 27 Dec 2024 13:36:55 +0000
> 
> > I think this is the end-user's responsibility, not yours.  So I urge
> > you to reconsider.  At the very least ask the user at installation
> > time whether she wants to declare the entire tree trusted, but don't
> > do it unconditionally, because it basically renders this change in
> > large part ineffective, and then why did we even bother to do it,
> > delaying the release etc.?
> 
> It sounds like I am significantly misunderstanding something.  I thought
> that this trusted-files change was about, e.g., random Lisp files in my
> ~/Downloads/.  Debian will certainly not be marking those as trusted!

Right.

> Let me step back a bit.
> 
> If you install Emacs on the next release of Debian and you enable
> installing all suggested packages, you'll also get a bunch of major
> modes from GNU ELPA and elsewhere, such as markdown-mode (thanks to
> Xiyue Deng for sorting out the metadata such that these other modes are
> suggested by our package manager).
> 
> These are Debian-vetted versions of these packages; we have lots of
> users who don't want to use package.el directly.  The Lisp is installed
> under /usr/share/emacs/site-lisp/elpa-src.  It's equally as safe as the
> code for Emacs itself; the same people (Debian Developers) have upload
> access for Emacs and for all those other major modes.  So, I would have
> thought we would be marking those as trusted on behalf of our users.
> 
> Does this still seem wrong to you?  Can you see what I've misunderstood?

I think you assume that since this stuff is installed from Debian,
those directories are forever trusted.  But that is only true
immediately after the installation.  Some time after that, anything
can happen with these directories.  Whether they can be trusted from
now to eternity is something for the user to say.

At least this is my opinion.  I don't see myself as an expert on this,
so please wait for Stefan and others to chime in if they have
different opinions.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


From: Sean Whitton <spwhitton@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <86zfkhwmj7.fsf@HIDDEN> (Eli Zaretskii's message of "Fri, 27 Dec
 2024 10:35:56 +0200")
Date: Fri, 27 Dec 2024 13:36:55 +0000
Message-ID: <871pxtp7rc.fsf@HIDDEN>
Cc: dmitry@HIDDEN, jm@HIDDEN, stefankangas@HIDDEN,
 75017 <at> debbugs.gnu.org

Hello,

On Fri 27 Dec 2024 at 10:35am +02, Eli Zaretskii wrote:

>> From: Sean Whitton <spwhitton@HIDDEN>
>> Cc: Eli Zaretskii <eliz@HIDDEN>,  jm@HIDDEN,  stefankangas@HIDDEN,
>>   75017 <at> debbugs.gnu.org
>> Date: Fri, 27 Dec 2024 07:39:16 +0000
>>
>> For Debian we'll probably patch in so everything that we install on the
>> system is automatically trusted.  It seems natural to me to see this as
>> the distributor's responsibility.
>
> I think this is the end-user's responsibility, not yours.  So I urge
> you to reconsider.  At the very least ask the user at installation
> time whether she wants to declare the entire tree trusted, but don't
> do it unconditionally, because it basically renders this change in
> large part ineffective, and then why did we even bother to do it,
> delaying the release etc.?

It sounds like I am significantly misunderstanding something.  I thought
that this trusted-files change was about, e.g., random Lisp files in my
~/Downloads/.  Debian will certainly not be marking those as trusted!

Let me step back a bit.

If you install Emacs on the next release of Debian and you enable
installing all suggested packages, you'll also get a bunch of major
modes from GNU ELPA and elsewhere, such as markdown-mode (thanks to
Xiyue Deng for sorting out the metadata such that these other modes are
suggested by our package manager).

These are Debian-vetted versions of these packages; we have lots of
users who don't want to use package.el directly.  The Lisp is installed
under /usr/share/emacs/site-lisp/elpa-src.  It's equally as safe as the
code for Emacs itself; the same people (Debian Developers) have upload
access for Emacs and for all those other major modes.  So, I would have
thought we would be marking those as trusted on behalf of our users.

Does this still seem wrong to you?  Can you see what I've misunderstood?

-- 
Sean Whitton




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Date: Fri, 27 Dec 2024 10:35:56 +0200
Message-Id: <86zfkhwmj7.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Sean Whitton <spwhitton@HIDDEN>
In-Reply-To: <87ed1tpobf.fsf@HIDDEN> (message from Sean
 Whitton on Fri, 27 Dec 2024 07:39:16 +0000)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
Cc: dmitry@HIDDEN, jm@HIDDEN, stefankangas@HIDDEN,
 75017 <at> debbugs.gnu.org

> From: Sean Whitton <spwhitton@HIDDEN>
> Cc: Eli Zaretskii <eliz@HIDDEN>,  jm@HIDDEN,  stefankangas@HIDDEN,
>   75017 <at> debbugs.gnu.org
> Date: Fri, 27 Dec 2024 07:39:16 +0000
> 
> For Debian we'll probably patch in so everything that we install on the
> system is automatically trusted.  It seems natural to me to see this as
> the distributor's responsibility.

I think this is the end-user's responsibility, not yours.  So I urge
you to reconsider.  At the very least ask the user at installation
time whether she wants to declare the entire tree trusted, but don't
do it unconditionally, because it basically renders this change in
large part ineffective, and then why did we even bother to do it,
delaying the release etc.?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


From: Sean Whitton <spwhitton@HIDDEN>
To: Dmitry Gutov <dmitry@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <4ff33026-e509-41d0-8d02-e67db644a797@HIDDEN> (Dmitry Gutov's
 message of "Wed, 25 Dec 2024 01:29:36 +0200")
Date: Fri, 27 Dec 2024 07:39:16 +0000
Message-ID: <87ed1tpobf.fsf@HIDDEN>
Cc: Eli Zaretskii <eliz@HIDDEN>, jm@HIDDEN, stefankangas@HIDDEN,
 75017 <at> debbugs.gnu.org

Hello,

On Wed 25 Dec 2024 at 01:29am +02, Dmitry Gutov wrote:

> Thank you. So the scenario where we would make the distinction is when the
> user managed to notice (somehow?) that the file had changed during the Emacs
> session, and then went to edit it.
>
> To be frank, I asked the question after reading the scenario from the first
> message, and it talks about early-init-file. IIUC this file lives in the same
> dir as the plain user-init-file, so the chances of them being edited by
> someone other than the user should be about equal, and we do "trust" the
> latter file automatically.
>
> Probably not too critical, but inconsistencies can be annoying (the user has
> to spend time figuring out whether something is broken and why).

For Debian we'll probably patch in so everything that we install on the
system is automatically trusted.  It seems natural to me to see this as
the distributor's responsibility.

-- 
Sean Whitton




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


From: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <jwvmsglhc4i.fsf-monnier+emacs@HIDDEN>
Date: Tue, 24 Dec 2024 23:58:20 +0000
Message-ID: <CADwFkmn006YPmxy3Mh06f20Z25diiCfTRqA47hUv6gKH+1vxaA@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Stefan Monnier <monnier@HIDDEN>, Eli Zaretskii <eliz@HIDDEN>
Cc: john muhl <jm@HIDDEN>, 75017 <at> debbugs.gnu.org

Stefan Monnier via "Bug reports for GNU Emacs, the Swiss army knife of
text editors" <bug-gnu-emacs@HIDDEN> writes:

>> Maybe we should trust the early-init-file as well, but then where does
>> this end?  The init files can load gobs of other files.  And there's
>> also custom-file (when it isn't nil), desktop-dirname and
>> desktop-base-file-name, etc. etc.
>> Stefan, WDYT about this?
>
> For Emacs-30, I see no need to make changes to what we have in this
> regard for the simple reason that `elisp-flymake-byte-compile` usually
> doesn't give great feedback in init files or in most of those other
> funny loaded files like desktop's (both false positives and false
> negatives).  So there's no hurry in deciding whether to include
> `early-init-file`, or `custom-file`, or `desktop-dirname`, or ...
>
> More useful might be to auto-trust the packages' ELisp files
> found in `load-path` (because these are files for which that backend
> should usually give good quality feedback). But that's a bigger change
> and it's not completely clear which files we should trust there, so
> I don't think we're ready to add that in `emacs-30`.

I agree that what we have is fine for Emacs 30.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Message-ID: <4ff33026-e509-41d0-8d02-e67db644a797@HIDDEN>
Date: Wed, 25 Dec 2024 01:29:36 +0200
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>
From: Dmitry Gutov <dmitry@HIDDEN>
In-Reply-To: <865xna60oj.fsf@HIDDEN>
Cc: jm@HIDDEN, stefankangas@HIDDEN, 75017 <at> debbugs.gnu.org
X-Spam-Score: -1.0 (-)

On 23/12/2024 14:31, Eli Zaretskii wrote:
>>>> And Emacs will load whatever's written there on the next restart.
>>>> Whether the user wrote to those files, or someone else.
>>> Yes, and your point is..?
>> That whatever malicious code we try to protect against using the
>> "trusted content" mechanism would be executed anyway.
> The scenario I have in mind is this:
> 
>    . Emacs session is running; when it was started, there was no
>      site-init file
>    . User notices that site-init file appeared
>    . User visits the site-init file
>    . Malicious macro in site-init file is executed
> 
> IOW, there could be valid situations where the user visits the file
> before restarting Emacs (which would load the file).  In these
> situations, it would make sense to treat the file as not trusted --
> unless the user tells us it should always be unconditionally trusted.
> 
> IMO, we should only make files and directories trusted by default if
> we are either 100% sure they can never be malicious

Thank you. So the scenario where we would make the distinction is when 
the user managed to notice (somehow?) that the file had changed during 
the Emacs session, and then went to edit it.

To be frank, I asked the question after reading the scenario from the 
first message, and it talks about early-init-file. IIUC this file lives 
in the same dir as the plain user-init-file, so the chances of them 
being edited by someone other than the user should be about equal, and 
we do "trust" the latter file automatically.

Probably not too critical, but inconsistencies can be annoying (the user 
has to spend time figuring out whether something is broken and why).




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.
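
The scenario quoted in the message above (a startup file that was absent when the session began and shows up later) can be turned into a user-side check. The following is an added example, not code from Emacs or from anyone in this thread; every `my/` name is hypothetical, and it assumes Emacs 30 or later, where the `trusted-content` option exists.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example, not code from Emacs.  Every `my/' name is hypothetical.
;; Assumes Emacs 30 or later, where the `trusted-content' option exists.

(defun my/file-sha256 (file)
  "Return the SHA-256 of FILE's raw bytes as a hex string."
  (with-temp-buffer
    (set-buffer-multibyte nil)
    (insert-file-contents-literally file)
    (secure-hash 'sha256 (current-buffer))))

(defun my/snapshot-files (files)
  "Return an alist (TRUENAME . SHA256) for each of FILES that exists now.
Missing files are left out, so a file that shows up later never matches."
  (let (snapshot)
    (dolist (file files (nreverse snapshot))
      (when (and (stringp file) (file-regular-p file))
        (let ((true (file-truename file)))
          (push (cons true (my/file-sha256 true)) snapshot))))))

(defun my/unchanged-since-snapshot-p (file snapshot)
  "Non-nil if FILE is in SNAPSHOT and its contents still hash the same."
  (let ((entry (assoc (file-truename file) snapshot)))
    (and entry
         (file-regular-p (car entry))
         (equal (cdr entry) (my/file-sha256 (car entry))))))

(defun my/startup-file-candidates ()
  "Return truenames of the startup files named in the thread."
  (delq nil
        (mapcar (lambda (f) (and (stringp f) (file-truename f)))
                (list (bound-and-true-p early-init-file)
                      (bound-and-true-p custom-file)
                      ;; `site-run-file' is a library name, not a path.
                      (and (stringp site-run-file)
                           (locate-file site-run-file load-path
                                        '(".el")))))))

(defvar my/startup-snapshot nil
  "Snapshot taken on `after-init-hook', i.e. after the files were loaded.")

(defun my/take-startup-snapshot ()
  "Record the startup files that exist at the end of startup."
  (setq my/startup-snapshot
        (my/snapshot-files (my/startup-file-candidates))))

(defun my/trust-visited-startup-file ()
  "Trust the visited startup file only if it is unchanged since startup.
A startup file that appeared or was modified during the session is kept
out of `trusted-content' and reported instead."
  (when (and buffer-file-name
             (boundp 'trusted-content)
             (listp trusted-content))   ; leave a value of `:all' alone
    (let* ((true (file-truename buffer-file-name))
           (entry (abbreviate-file-name true)))
      (when (member true (my/startup-file-candidates))
        (if (my/unchanged-since-snapshot-p true my/startup-snapshot)
            (add-to-list 'trusted-content entry)
          (setq trusted-content (delete entry trusted-content))
          (message "%s appeared or changed after startup; not trusted"
                   true))))))

(add-hook 'after-init-hook #'my/take-startup-snapshot)
(add-hook 'find-file-hook #'my/trust-visited-startup-file)

(defun my/snapshot-demo ()
  "Run the check on constructed files in a temporary directory.
Return the results for: a file unchanged since the snapshot, a file
that appeared after it, and a file modified after it."
  (let* ((dir (make-temp-file "trust-demo" t))
         (early (expand-file-name "early-init.el" dir))
         (site (expand-file-name "site-start.el" dir)))
    (unwind-protect
        (progn
          (write-region "(setq a 1)\n" nil early nil 'silent)
          (let ((snap (my/snapshot-files (list early site))))
            ;; site-start.el did not exist when the snapshot was taken.
            (write-region "(setq b 2)\n" nil site nil 'silent)
            (list (my/unchanged-since-snapshot-p early snap)
                  (my/unchanged-since-snapshot-p site snap)
                  (progn
                    (write-region "(setq a 3)\n" nil early nil 'silent)
                    (my/unchanged-since-snapshot-p early snap)))))
      (delete-directory dir t))))
```

The snapshot records what is on disk at the end of startup, which can differ from what was actually loaded if a file changed in between.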

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 24 Dec 2024 12:15:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Dec 24 07:15:29 2024
Received: from localhost ([127.0.0.1]:59823 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tQ3ov-0004yW-Ky
	for submit <at> debbugs.gnu.org; Tue, 24 Dec 2024 07:15:29 -0500
Received: from eggs.gnu.org ([209.51.188.92]:55732)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tQ3or-0004yB-1n
 for 75017 <at> debbugs.gnu.org; Tue, 24 Dec 2024 07:15:28 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tQ3ok-0005E1-TN; Tue, 24 Dec 2024 07:15:18 -0500
Date: Tue, 24 Dec 2024 14:15:16 +0200
Message-Id: <86r05x2s6j.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <CADwFkmmwdRYPVa2L4fcm4Pt+Rwa4O2Es5_VxXJNrX=szDUAGnw@HIDDEN>
 (message from Stefan Kangas on Tue, 24 Dec 2024 00:35:10 +0000)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
 <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
 <86ikrb5zms.fsf@HIDDEN>
 <CADwFkmmyqFoZ1b44asf+kRJXo3fxHoH+Aqj+kgB93N=DiHbhZg@HIDDEN>
 <86ikra4gmy.fsf@HIDDEN>
 <CADwFkmmwdRYPVa2L4fcm4Pt+Rwa4O2Es5_VxXJNrX=szDUAGnw@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: acorallo@HIDDEN, jm@HIDDEN, monnier@HIDDEN,
 75017 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> From: Stefan Kangas <stefankangas@HIDDEN>
> Date: Tue, 24 Dec 2024 00:35:10 +0000
> Cc: monnier@HIDDEN, jm@HIDDEN, 75017 <at> debbugs.gnu.org, 
> 	acorallo@HIDDEN
> 
> Eli Zaretskii <eliz@HIDDEN> writes:
> 
> > I think this is over-engineering.  Yes, there are situations where it
> > makes sense to trust site-init-file.  No, they are not 100% of the
> > possible situations.  Which in my book means we should leave it to
> > users to decide whether to trust that file or not.
> 
> How do you feel about early-init-file?

I'm with Stefan Monnier on this one: there's no urgency to make any
changes in that area.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 24 Dec 2024 05:48:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Dec 24 00:48:38 2024
Received: from localhost ([127.0.0.1]:59046 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPxmY-0002Vt-1l
	for submit <at> debbugs.gnu.org; Tue, 24 Dec 2024 00:48:38 -0500
Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:62223)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <monnier@HIDDEN>) id 1tPxmU-0002VY-6e
 for 75017 <at> debbugs.gnu.org; Tue, 24 Dec 2024 00:48:37 -0500
Received: from pmg2.iro.umontreal.ca (localhost.localdomain [127.0.0.1])
 by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id 0F261800C4;
 Tue, 24 Dec 2024 00:48:28 -0500 (EST)
Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg2.iro.umontreal.ca (Proxmox) with ESMTP id F1FF2804E6;
 Tue, 24 Dec 2024 00:48:26 -0500 (EST)
Received: from pastel (104-195-225-43.cpe.teksavvy.com [104.195.225.43])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id BF25D120099;
 Tue, 24 Dec 2024 00:48:26 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <86v7va4kj6.fsf@HIDDEN> (Eli Zaretskii's message of "Mon, 23 Dec
 2024 15:05:17 +0200")
Message-ID: <jwvmsglhc4i.fsf-monnier+emacs@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <87frmf9r3z.fsf@HIDDEN> <86v7va4kj6.fsf@HIDDEN>
Date: Tue, 24 Dec 2024 00:48:25 -0500
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: john muhl <jm@HIDDEN>, 75017 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> Maybe we should trust the early-init-file as well, but then where does
> this end?  The init files can load gobs of other files.  And there's
> also custom-file (when it isn't nil), desktop-dirname and
> desktop-base-file-name, etc. etc.
> Stefan, WDYT about this?

For Emacs-30, I see no need to make changes to what we have in this
regard for the simple reason that `elisp-flymake-byte-compile` usually
doesn't give great feedback in init files or in most of those other
funny loaded files like desktop's (both false positives and false
negatives).  So there's no hurry in deciding whether to include
`early-init-file`, or `custom-file`, or `desktop-dirname`, or ...

More useful might be to auto-trust the packages' ELisp files
found in `load-path` (because these are files for which that backend
should usually give good quality feedback). But that's a bigger change
and it's not completely clear which files we should trust there, so
I don't think we're ready to add that in `emacs-30`.


        Stefan





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 24 Dec 2024 00:36:15 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 19:36:15 2024
Received: from localhost ([127.0.0.1]:58568 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPsuE-00050Q-Ux
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 19:36:15 -0500
Received: from mail-ed1-f48.google.com ([209.85.208.48]:54423)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <stefankangas@HIDDEN>) id 1tPsuC-00050F-8H
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 19:36:13 -0500
Received: by mail-ed1-f48.google.com with SMTP id
 4fb4d7f45d1cf-5d0f6fa6f8bso1609158a12.0
 for <75017 <at> debbugs.gnu.org>; Mon, 23 Dec 2024 16:36:12 -0800 (PST)
X-Received: by 2002:a05:6402:3228:b0:5d0:d330:c965 with SMTP id
 4fb4d7f45d1cf-5d81dc6575bmr14091034a12.0.1735000510962; Mon, 23 Dec 2024
 16:35:10 -0800 (PST)
Received: from 753933720722 named unknown by gmailapi.google.com with
 HTTPREST; Tue, 24 Dec 2024 00:35:10 +0000
From: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <86ikra4gmy.fsf@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
 <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
 <86ikrb5zms.fsf@HIDDEN>
 <CADwFkmmyqFoZ1b44asf+kRJXo3fxHoH+Aqj+kgB93N=DiHbhZg@HIDDEN>
 <86ikra4gmy.fsf@HIDDEN>
MIME-Version: 1.0
Date: Tue, 24 Dec 2024 00:35:10 +0000
Message-ID: <CADwFkmmwdRYPVa2L4fcm4Pt+Rwa4O2Es5_VxXJNrX=szDUAGnw@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75017
Cc: acorallo@HIDDEN, jm@HIDDEN, monnier@HIDDEN,
 75017 <at> debbugs.gnu.org
X-Spam-Score: -1.0 (-)

Eli Zaretskii <eliz@HIDDEN> writes:

> I think this is over-engineering.  Yes, there are situations where it
> makes sense to trust site-init-file.  No, they are not 100% of the
> possible situations.  Which in my book means we should leave it to
> users to decide whether to trust that file or not.

How do you feel about early-init-file?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 19:15:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 14:15:49 2024
Received: from localhost ([127.0.0.1]:57907 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPnu8-0006rb-If
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 14:15:49 -0500
Received: from thaodan.de ([185.216.177.71]:52436)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bjorn.bidar@HIDDEN>) id 1tPnu5-0006r8-Le
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 14:15:46 -0500
Received: from odin (dsl-trebng12-50dc7b-49.dhcp.inet.fi [80.220.123.49])
 by thaodan.de (Postfix) with ESMTPSA id 6C291D0004A;
 Mon, 23 Dec 2024 21:15:34 +0200 (EET)
From: Björn Bidar <bjorn.bidar@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <CADwFkmmyqFoZ1b44asf+kRJXo3fxHoH+Aqj+kgB93N=DiHbhZg@HIDDEN>
 (Stefan Kangas's message of "Mon, 23 Dec 2024 14:10:30 +0000")
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
 <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
 <86ikrb5zms.fsf@HIDDEN>
 <CADwFkmmyqFoZ1b44asf+kRJXo3fxHoH+Aqj+kgB93N=DiHbhZg@HIDDEN>
Date: Mon, 23 Dec 2024 21:15:32 +0200
Message-ID: <87frmerz1n.fsf@>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 1.2 (+)
X-Debbugs-Envelope-To: 75017
Cc: Eli Zaretskii <eliz@HIDDEN>, acorallo@HIDDEN, monnier@HIDDEN,
 jm@HIDDEN, 75017 <at> debbugs.gnu.org
X-Spam-Score: 0.2 (/)

Stefan Kangas <stefankangas@HIDDEN> writes:

> Eli Zaretskii <eliz@HIDDEN> writes:
>
>>> From: Stefan Kangas <stefankangas@HIDDEN>
>>> Date: Sun, 22 Dec 2024 17:36:15 +0000
>>> Cc: jm@HIDDEN, 75017 <at> debbugs.gnu.org, acorallo@HIDDEN
>>>
>>> Eli Zaretskii <eliz@HIDDEN> writes:
>>>
>>> >> From: Stefan Monnier <monnier@HIDDEN>
>>> >> Cc: john muhl <jm@HIDDEN>,  75017 <at> debbugs.gnu.org,  Eli Zaretskii
>>> >>  <eliz@HIDDEN>,  Andrea Corallo <acorallo@HIDDEN>
>>> >> Date: Sat, 21 Dec 2024 22:16:05 -0500
>>> >>
>>> >> > Maybe we should install something like the below?
>>> >>
>>> >> Fine by me, but I think this should be added via a new
>>> >> `trusted-content-function(s)` and added buffer-locally only in
>>> >> elisp-mode buffers.
>>> >
>>> > Sorry, but this is slippery slope.  For starters, no one said that
>>> > site-run-file is installed by a sysadmin -- that is only so on certain
>>> > systems.  For example, MS-Windows is generally not in that category.
>>>
>>> It doesn't matter who can edit it.  `site-run-file` is already trusted,
>>> since it is loaded at run-time before `user-init-file`.
>>
>> It is loaded if it is there.  On my system, there's no such file, and
>> I don't expect to have it.
>
> This seems orthogonal to the issue at hand.
>
> If you don't want to load `site-run-file`, you should use the
> --no-site-file flag.  (We should probably take that flag into account
> when saying if that file is `trusted-content-p` though.)


How does it make sense to not trust site-run-file when we trust the
site-lisp?
Further it is very likely or on Unix systems almost always the case that
Emacs was built by those who control the site-run-file. How is it
possible to trust them on the Emacs binary or anything else included in
the Emacs package but not site-run-file?

>
> Without that flag, we load files in these well-known locations
> unconditionally.  In my view, it then makes little sense to worry about
> loading any `eval-when-compile` forms (or similar) in these files when
> byte-compiling them.  If they contain malicious code, that code has
> already been run when Emacs started, or it will be run the next time
> Emacs starts (e.g., if it has been modified after Emacs started).
>
> In other words, this case is quite analogous to `user-init-file`.
>
>> So if such a file somehow materializes there, I want to know, pronto.
>
> First, I note that it's likely already game over if an attacker can
> write to `site-init-file`, because they can then just as easily write to
> your init file (or other relevant files in `load-path`) instead.

Also by that point the attacker could already manipulate other files
such as the Emacs binary itself.

> But to do what you suggest, we would need to start with deciding under
> what circumstances it is not expected to find a file in this location,
> and then not just warn but refuse to load it if it meets that criteria.
> I don't know how to design such criteria.
>
> If we can figure out a way to do that, then I agree that it would be
> consistent not to treat this file as `trusted-content-p`, when it exists
> unexpectedly.

What about checking if the location of site-run-file matches with the
location of the file during compilation e.g. by taking the value from
the pdump or configuring the check value into the executable without
pdump if that is better?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 17:53:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 12:53:48 2024
Received: from localhost ([127.0.0.1]:56027 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPmcm-0001ZW-G9
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 12:53:48 -0500
Received: from fhigh-b7-smtp.messagingengine.com ([202.12.124.158]:60361)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jm@HIDDEN>) id 1tPmck-0001ZF-Nx
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 12:53:47 -0500
Received: from phl-compute-11.internal (phl-compute-11.phl.internal
 [10.202.2.51])
 by mailfhigh.stl.internal (Postfix) with ESMTP id 9BCFC25401B1;
 Mon, 23 Dec 2024 12:53:40 -0500 (EST)
Received: from phl-mailfrontend-01 ([10.202.2.162])
 by phl-compute-11.internal (MEProxy); Mon, 23 Dec 2024 12:53:40 -0500
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 23 Dec 2024 12:53:39 -0500 (EST)
From: john muhl <jm@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <86v7va4kj6.fsf@HIDDEN> (Eli Zaretskii's message of "Mon, 23 Dec
 2024 15:05:17 +0200")
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <87frmf9r3z.fsf@HIDDEN> <86v7va4kj6.fsf@HIDDEN>
User-Agent: mu4e 1.12.1; emacs 31.0.50
Date: Mon, 23 Dec 2024 11:53:38 -0600
Message-ID: <87h66ub80t.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 75017
Cc: 75017 <at> debbugs.gnu.org, Stefan Monnier <monnier@HIDDEN>
X-Spam-Score: -1.7 (-)

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: john muhl <jm@HIDDEN>
>> Cc: 75017 <at> debbugs.gnu.org
>> Date: Sun, 22 Dec 2024 18:32:00 -0600
>>
>> Specifically, I was surprised to find that user-init-file is
>> assumed safe but not early-init-file. After reading the
>> trusted-content part of the manual where it says “…which means no
>> file is trusted.” I assumed that included user-init-file. When I
>> saw that wasn’t the case I then assumed early-init-file would get
>> the same treatment. Maybe a little extra clarity there would be
>> sufficient for now.
>
> Maybe we should trust the early-init-file as well, but then where does
> this end?  The init files can load gobs of other files.  And there's
> also custom-file (when it isn't nil), desktop-dirname and
> desktop-base-file-name, etc. etc.

For Emacs 30 I’d end it with user-init-file, early-init-file and
custom-file. The latter is already an implicit part of trusting of
the user-init-file so it shouldn’t add any additional risk. The
former two are I think in the same category of presumed safeness
so distinguishing one as trusted and the other not seems odd.

Longer term I agree with you that more experience will lead to
better understanding of where to draw the line.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 14:37:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 09:37:44 2024
Received: from localhost ([127.0.0.1]:53849 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPjZ2-0000NM-38
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 09:37:44 -0500
Received: from mail-ed1-f44.google.com ([209.85.208.44]:59876)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <stefankangas@HIDDEN>) id 1tPjZ0-0000N9-4F
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 09:37:42 -0500
Received: by mail-ed1-f44.google.com with SMTP id
 4fb4d7f45d1cf-5d3e8f64d5dso7285628a12.3
 for <75017 <at> debbugs.gnu.org>; Mon, 23 Dec 2024 06:37:42 -0800 (PST)
X-Received: by 2002:a05:6402:321b:b0:5d3:bc56:3b24 with SMTP id
 4fb4d7f45d1cf-5d81ddd6558mr13625514a12.4.1734964595988; Mon, 23 Dec 2024
 06:36:35 -0800 (PST)
Received: from 753933720722 named unknown by gmailapi.google.com with
 HTTPREST; Mon, 23 Dec 2024 14:36:35 +0000
From: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <865xna60oj.fsf@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN> <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
 <868qs75uwp.fsf@HIDDEN> <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN>
 <865xna60oj.fsf@HIDDEN>
MIME-Version: 1.0
Date: Mon, 23 Dec 2024 14:36:35 +0000
Message-ID: <CADwFkmk7A+KmWYuBcF3kQAuDJCi2Vx2san6xpJ6Y4T7PWkrYNw@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>, Dmitry Gutov <dmitry@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: 75017
Cc: jm@HIDDEN, 75017 <at> debbugs.gnu.org

Eli Zaretskii <eliz@HIDDEN> writes:

>> Date: Sun, 22 Dec 2024 22:27:34 +0200
>> Cc: stefankangas@HIDDEN, jm@HIDDEN, 75017 <at> debbugs.gnu.org
>> From: Dmitry Gutov <dmitry@HIDDEN>
>>
>> On 22/12/2024 22:23, Eli Zaretskii wrote:
>> >> And Emacs will load whatever's written there on the next restart.
>> >> Whether the user wrote to those files, or someone else.
>> > Yes, and your point is..?
>>
>> That whatever malicious code we try to protect against using the
>> "trusted content" mechanism would be executed anyway.
>
> The scenario I have in mind is this:
>
>   . Emacs session is running; when it was started, there was no
>     site-init file
>   . User notices that site-init file appeared
>   . User visits the site-init file
>   . Malicious macro in site-init file is executed
>
> IOW, there could be valid situations where the user visits the file
> before restarting Emacs (which would load the file).  In these
> situations, it would make sense to treat the file as not trusted --
> unless the user tells us it should always be unconditionally trusted.

Thanks, I saw this post after sending my most recent reply.  I think the
above scenario is valid, but I don't think it's common.

However, if we want to mitigate that specific scenario, maybe we should
only treat `site-init-file` as `trusted-content-p` if a site-file
existed on Emacs startup.

While I do see a difference between `user-init-file` and
`site-init-file`, I think we should treat this set of files as
equivalent when it comes to `trusted-content-p`:

  user-init-file
  early-init-file
  site-init-file

Either they should all be `trusted-content-p`, or none of them should.
In other words, I believe that this part of my reply also still stands:

SK> First, I note that it's likely already game over if an attacker can
SK> write to `site-init-file`, because they can then just as easily write
SK> to your init file (or other relevant files in `load-path`) instead.

BTW, this all shows that Stefan Monnier is correct when he laments that
"trust sucks".  It really does.  We should implement proper sandboxing
when byte-compiling these files, using bwrap or similar.  Only when that
is done, can we have reasonably strong security guarantees.
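
An added example (not part of this thread or of Emacs itself) of the user-level opt-in discussed above: it adds `early-init-file`, `custom-file` and the site file to `trusted-content` only if they exist when startup finishes, and warns when one that was absent at startup is visited later in the session. The `my/` names are hypothetical; it assumes Emacs 30 or later and that `site-run-file` names the file the thread calls `site-init-file`.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; every `my/...' name is hypothetical.

(require 'seq)

(defvar my/startup-files-present nil
  "Abbreviated truenames of startup files that existed at startup.")

(defun my/startup-file-candidates ()
  "Return the startup files discussed in the thread, as file names.
Values that are unset or not strings are dropped."
  (seq-filter
   #'stringp
   (list user-init-file
         early-init-file
         custom-file
         ;; `site-run-file' is a library name such as "site-start",
         ;; or nil when the site file is disabled, so it has to be
         ;; resolved through `load-path'.
         (and (stringp site-run-file)
              (locate-library site-run-file)))))

(defun my/source-truename (file)
  "Return the abbreviated truename of FILE's source, or nil if absent.
A compiled \"foo.elc\" is mapped to \"foo.el\", the file one would visit."
  (let ((src (if (string-suffix-p ".elc" file)
                 (substring file 0 -1)
               file)))
    (and (file-exists-p src)
         (abbreviate-file-name (file-truename src)))))

(defun my/startup-files-existing-now ()
  "Return the startup files that exist right now, without duplicates."
  (delete-dups
   (delq nil (mapcar #'my/source-truename
                     (my/startup-file-candidates)))))

(defun my/trust-startup-files-present-now ()
  "Snapshot the existing startup files and add them to `trusted-content'.
Nothing is added when `trusted-content' is not a list (e.g. `:all')."
  (setq my/startup-files-present (my/startup-files-existing-now))
  (when (and (boundp 'trusted-content) (listp trusted-content))
    (dolist (file my/startup-files-present)
      (add-to-list 'trusted-content file))))

(defun my/startup-files-appeared-since-start ()
  "Return startup files that exist now but were absent at startup."
  (seq-remove (lambda (file) (member file my/startup-files-present))
              (my/startup-files-existing-now)))

(defun my/warn-if-new-startup-file ()
  "Warn when the visited file is a startup file that appeared mid-session.
Such a file is not in the snapshot, so this code never marks it trusted."
  (when (and buffer-file-truename
             (member (abbreviate-file-name buffer-file-truename)
                     (my/startup-files-appeared-since-start)))
    (display-warning
     'startup-files
     (format "%s did not exist when this session started; not trusted"
             buffer-file-truename)
     :warning)))

;; Take the snapshot once init has finished, so that a `custom-file'
;; set in the init file is included.
(add-hook 'after-init-hook #'my/trust-startup-files-present-now)
(add-hook 'find-file-hook #'my/warn-if-new-startup-file)
```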




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 14:29:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 09:29:40 2024
Received: from localhost ([127.0.0.1]:53823 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPjRD-0008Nd-Hs
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 09:29:40 -0500
Received: from eggs.gnu.org ([209.51.188.92]:40518)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tPjRA-0008NN-3x
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 09:29:37 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tPjR3-0007G5-Gv; Mon, 23 Dec 2024 09:29:29 -0500
Date: Mon, 23 Dec 2024 16:29:25 +0200
Message-Id: <86ikra4gmy.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <CADwFkmmyqFoZ1b44asf+kRJXo3fxHoH+Aqj+kgB93N=DiHbhZg@HIDDEN>
 (message from Stefan Kangas on Mon, 23 Dec 2024 14:10:30 +0000)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
 <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
 <86ikrb5zms.fsf@HIDDEN>
 <CADwFkmmyqFoZ1b44asf+kRJXo3fxHoH+Aqj+kgB93N=DiHbhZg@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: acorallo@HIDDEN, jm@HIDDEN, monnier@HIDDEN,
 75017 <at> debbugs.gnu.org

> From: Stefan Kangas <stefankangas@HIDDEN>
> Date: Mon, 23 Dec 2024 14:10:30 +0000
> Cc: monnier@HIDDEN, jm@HIDDEN, 75017 <at> debbugs.gnu.org, 
> 	acorallo@HIDDEN
> 
> Eli Zaretskii <eliz@HIDDEN> writes:
> 
> > So if such a file somehow materializes there, I want to know, pronto.
> 
> First, I note that it's likely already game over if an attacker can
> write to `site-init-file`, because they can then just as easily write to
> your init file (or other relevant files in `load-path`) instead.
> 
> But to do what you suggest, we would need to start with deciding under
> what circumstances it is not expected to find a file in this location,
> and then not just warn but refuse to load it if it meets that criteria.
> I don't know how to design such criteria.
> 
> If we can figure out a way to do that, then I agree that it would be
> consistent not to treat this file as `trusted-content-p`, when it exists
> unexpectedly.

I think this is over-engineering.  Yes, there are situations where it
makes sense to trust site-init-file.  No, they are not 100% of the
possible situations.  Which in my book means we should leave it to
users to decide whether to trust that file or not.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 14:11:37 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 09:11:37 2024
Received: from localhost ([127.0.0.1]:53800 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPj9k-0007RZ-FE
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 09:11:36 -0500
Received: from mail-ed1-f50.google.com ([209.85.208.50]:46116)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <stefankangas@HIDDEN>) id 1tPj9g-0007RO-0Q
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 09:11:34 -0500
Received: by mail-ed1-f50.google.com with SMTP id
 4fb4d7f45d1cf-5ceb03aadb1so5843797a12.0
 for <75017 <at> debbugs.gnu.org>; Mon, 23 Dec 2024 06:11:31 -0800 (PST)
X-Received: by 2002:a05:6402:270d:b0:5d0:c684:bae5 with SMTP id
 4fb4d7f45d1cf-5d81dd8fe3fmr9615559a12.13.1734963030714; Mon, 23 Dec 2024
 06:10:30 -0800 (PST)
Received: from 753933720722 named unknown by gmailapi.google.com with
 HTTPREST; Mon, 23 Dec 2024 14:10:30 +0000
From: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <86ikrb5zms.fsf@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
 <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
 <86ikrb5zms.fsf@HIDDEN>
MIME-Version: 1.0
Date: Mon, 23 Dec 2024 14:10:30 +0000
Message-ID: <CADwFkmmyqFoZ1b44asf+kRJXo3fxHoH+Aqj+kgB93N=DiHbhZg@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75017
Cc: acorallo@HIDDEN, jm@HIDDEN, monnier@HIDDEN,
 75017 <at> debbugs.gnu.org

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: Stefan Kangas <stefankangas@HIDDEN>
>> Date: Sun, 22 Dec 2024 17:36:15 +0000
>> Cc: jm@HIDDEN, 75017 <at> debbugs.gnu.org, acorallo@HIDDEN
>>
>> Eli Zaretskii <eliz@HIDDEN> writes:
>>
>> >> From: Stefan Monnier <monnier@HIDDEN>
>> >> Cc: john muhl <jm@HIDDEN>,  75017 <at> debbugs.gnu.org,  Eli Zaretskii
>> >>  <eliz@HIDDEN>,  Andrea Corallo <acorallo@HIDDEN>
>> >> Date: Sat, 21 Dec 2024 22:16:05 -0500
>> >>
>> >> > Maybe we should install something like the below?
>> >>
>> >> Fine by me, but I think this should be added via a new
>> >> `trusted-content-function(s)` and added buffer-locally only in
>> >> elisp-mode buffers.
>> >
>> > Sorry, but this is slippery slope.  For starters, no one said that
>> > site-run-file is installed by a sysadmin -- that is only so on certain
>> > systems.  For example, MS-Windows is generally not in that category.
>>
>> It doesn't matter who can edit it.  `site-run-file` is already trusted,
>> since it is loaded at run-time before `user-init-file`.
>
> It is loaded if it is there.  On my system, there's no such file, and
> I don't expect to have it.

This seems orthogonal to the issue at hand.

If you don't want to load `site-run-file`, you should use the
--no-site-file flag.  (We should probably take that flag into account
when saying if that file is `trusted-content-p` though.)

Without that flag, we load files in these well-known locations
unconditionally.  In my view, it then makes little sense to worry about
loading any `eval-when-compile` forms (or similar) in these files when
byte-compiling them.  If they contain malicious code, that code has
already been run when Emacs started, or it will be run the next time
Emacs starts (e.g., if it has been modified after Emacs started).

In other words, this case is quite analogous to `user-init-file`.

> So if such a file somehow materializes there, I want to know, pronto.

First, I note that it's likely already game over if an attacker can
write to `site-init-file`, because they can then just as easily write to
your init file (or other relevant files in `load-path`) instead.

But to do what you suggest, we would need to start with deciding under
what circumstances it is not expected to find a file in this location,
and then not just warn but refuse to load it if it meets that criteria.
I don't know how to design such criteria.

If we can figure out a way to do that, then I agree that it would be
consistent not to treat this file as `trusted-content-p`, when it exists
unexpectedly.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 13:05:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 08:05:33 2024
Received: from localhost ([127.0.0.1]:53690 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPi7p-0004Lf-3D
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 08:05:33 -0500
Received: from eggs.gnu.org ([209.51.188.92]:56180)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tPi7m-0004LQ-KQ
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 08:05:31 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tPi7f-000379-NL; Mon, 23 Dec 2024 08:05:24 -0500
Date: Mon, 23 Dec 2024 15:05:17 +0200
Message-Id: <86v7va4kj6.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: john muhl <jm@HIDDEN>,
 Stefan Monnier <monnier@HIDDEN>
In-Reply-To: <87frmf9r3z.fsf@HIDDEN> (message from john muhl on Sun, 22 Dec
 2024 18:32:00 -0600)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <87frmf9r3z.fsf@HIDDEN>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: 75017 <at> debbugs.gnu.org

> From: john muhl <jm@HIDDEN>
> Cc: 75017 <at> debbugs.gnu.org
> Date: Sun, 22 Dec 2024 18:32:00 -0600
> 
> Specifically, I was surprised to find that user-init-file is
> assumed safe but not early-init-file. After reading the
> trusted-content part of the manual where it says “…which means no
> file is trusted.” I assumed that included user-init-file. When I
> saw that wasn’t the case I then assumed early-init-file would get
> the same treatment. Maybe a little extra clarity there would be
> sufficient for now.

Maybe we should trust the early-init-file as well, but then where does
this end?  The init files can load gobs of other files.  And there's
also custom-file (when it isn't nil), desktop-dirname and
desktop-base-file-name, etc. etc.

Stefan, WDYT about this?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 12:31:25 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Dec 23 07:31:25 2024
Received: from localhost ([127.0.0.1]:53642 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPhan-0002kU-9m
	for submit <at> debbugs.gnu.org; Mon, 23 Dec 2024 07:31:25 -0500
Received: from eggs.gnu.org ([209.51.188.92]:37568)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tPhak-0002kF-CH
 for 75017 <at> debbugs.gnu.org; Mon, 23 Dec 2024 07:31:23 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tPhac-0007XN-IC; Mon, 23 Dec 2024 07:31:15 -0500
Date: Mon, 23 Dec 2024 14:31:08 +0200
Message-Id: <865xna60oj.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Dmitry Gutov <dmitry@HIDDEN>
In-Reply-To: <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN> (message from
 Dmitry Gutov on Sun, 22 Dec 2024 22:27:34 +0200)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN> <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
 <868qs75uwp.fsf@HIDDEN> <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN>
X-Spam-Score: -1.6 (-)
X-Debbugs-Envelope-To: 75017
Cc: jm@HIDDEN, stefankangas@HIDDEN, 75017 <at> debbugs.gnu.org

> Date: Sun, 22 Dec 2024 22:27:34 +0200
> Cc: stefankangas@HIDDEN, jm@HIDDEN, 75017 <at> debbugs.gnu.org
> From: Dmitry Gutov <dmitry@HIDDEN>
> 
> On 22/12/2024 22:23, Eli Zaretskii wrote:
> >> And Emacs will load whatever's written there on the next restart.
> >> Whether the user wrote to those files, or someone else.
> > Yes, and your point is..?
> 
> That whatever malicious code we try to protect against using the 
> "trusted content" mechanism would be executed anyway.

The scenario I have in mind is this:

  . Emacs session is running; when it was started, there was no
    site-init file
  . User notices that site-init file appeared
  . User visits the site-init file
  . Malicious macro in site-init file is executed

IOW, there could be valid situations where the user visits the file
before restarting Emacs (which would load the file).  In these
situations, it would make sense to treat the file as not trusted --
unless the user tells us it should always be unconditionally trusted.

IMO, we should only make files and directories trusted by default if
we are either 100% sure they can never be malicious, or 100% sure they
will always be loaded before they are visited.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 23 Dec 2024 00:32:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 22 19:32:11 2024
Received: from localhost ([127.0.0.1]:52514 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPWMk-0002UA-Rq
	for submit <at> debbugs.gnu.org; Sun, 22 Dec 2024 19:32:11 -0500
Received: from fhigh-b4-smtp.messagingengine.com ([202.12.124.155]:44105)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <jm@HIDDEN>) id 1tPWMi-0002Tu-05
 for 75017 <at> debbugs.gnu.org; Sun, 22 Dec 2024 19:32:10 -0500
Received: from phl-compute-09.internal (phl-compute-09.phl.internal
 [10.202.2.49])
 by mailfhigh.stl.internal (Postfix) with ESMTP id 20E2C254010D;
 Sun, 22 Dec 2024 19:32:02 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163])
 by phl-compute-09.internal (MEProxy); Sun, 22 Dec 2024 19:32:02 -0500
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun,
 22 Dec 2024 19:32:01 -0500 (EST)
From: john muhl <jm@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <86frmg6xzf.fsf@HIDDEN> (Eli Zaretskii's message of "Sun, 22 Dec
 2024 08:19:32 +0200")
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
User-Agent: mu4e 1.12.1; emacs 31.0.50
Date: Sun, 22 Dec 2024 18:32:00 -0600
Message-ID: <87frmf9r3z.fsf@HIDDEN>
Cc: 75017 <at> debbugs.gnu.org

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: john muhl <jm@HIDDEN>
>> Date: Sat, 21 Dec 2024 14:48:52 -0600
>>
>> user-init-file is trusted by default but not other user files.
>>
>>   C-xf ~/.emacs.d/early-init.el
>>   M-x flymake-mode
>>
>> Produces a warning:
>>
>>   Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)
>>
>> custom-file (when not the same as user-init-file) also causes a
>> warning. Should these also be trusted by default?
>
> No, not IMO.  Please add those files you know you can trust to the
> list of trusted files, and let's see if that works well for you.  If,
> after you have used that for some time, you have observations to
> report or changes to suggest, please do, but let's please base such
> observations on some sufficiently significant (read: long enough)
> experience.

Sure. That’s what I’ve done and it’ll certainly work for me. I
very rarely need to deal with untrusted files so of all Emacs
users I’ll be among those affected the least.

>> What about files put in place by a system admin or your distro’s
>> Emacs package (e.g. site-run-file, default.el)? They generally
>> require root privileges to install so if they can’t be trusted
>> you’re already in trouble.
>
> On my system, these files do not need any admin privileges, so I don't
> think we should trust them by default.  Users who know that these
> files are modified only by trusted admins can and probably should add
> them to the list of trusted files, if they need that (in general,
> there should be no need to run Flymake in those files, in which case
> these files don't need to be added even if they are trusted).
>
> Btw, if we are talking about trusted admins, then entire directories
> should be trusted, for example /usr/share or /usr/share/emacs.
> There's a reason why we didn't do that by default.

Makes sense. These system files were a bit of a tangent to what
triggered this issue.

Specifically, I was surprised to find that user-init-file is
assumed safe but not early-init-file. After reading the
trusted-content part of the manual where it says “…which means no
file is trusted.” I assumed that included user-init-file. When I
saw that wasn’t the case I then assumed early-init-file would get
the same treatment. Maybe a little extra clarity there would be
sufficient for now.
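
The workaround discussed in the message above (adding the files you know you can trust to the list of trusted files), as an added example that is not part of the thread and not code from Emacs. It assumes Emacs 30 or later, where the `trusted-content` option and the `trusted-content-p` function exist; the `my/` names are hypothetical.

```elisp
;; Added example, not from the thread.  Assumes Emacs 30+.
;; `my/trust-lisp-files' and `my/file-trusted-p' are hypothetical names.

(defun my/trust-lisp-files (&rest files)
  "Add each of FILES that exists as a regular file to `trusted-content'.
Only individual files are added, never directories.  Each entry is
stored as an abbreviated file name, as the `trusted-content' docstring
asks; resolving symlinks first is this example's choice, so that
symlinked dotfiles are recorded under their real location.
Return the resulting value of `trusted-content'."
  (when (and (boundp 'trusted-content)
             (listp trusted-content))   ; leave a `:all' setting alone
    (dolist (file files)
      ;; `custom-file' may be nil and `early-init-file' may name a
      ;; file that does not exist; skip both cases.
      (when (and (stringp file) (file-regular-p file))
        (add-to-list 'trusted-content
                     (abbreviate-file-name (file-truename file))))))
  (bound-and-true-p trusted-content))

(defun my/file-trusted-p (file)
  "Return non-nil if Emacs treats FILE as trusted content.
This visits FILE, because `trusted-content-p' inspects the current
buffer rather than taking a file name."
  (with-current-buffer (find-file-noselect file)
    (trusted-content-p)))

;; Run after startup so that `early-init-file' and `custom-file' have
;; their final values.
;;
;; Deliberately not added: `user-emacs-directory' as a whole.  An entry
;; ending in "/" trusts every file below that directory, which would
;; include files that packages download or write there.
(add-hook 'after-init-hook
          (lambda ()
            (my/trust-lisp-files early-init-file custom-file)))
```

After startup, `(my/file-trusted-p early-init-file)` should return non-nil, and enabling `flymake-mode` in that buffer should no longer report untrusted content.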




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Message-ID: <36eb8d61-cf0c-4ac9-a679-252a46a874ee@HIDDEN>
Date: Sun, 22 Dec 2024 22:27:34 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN> <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
 <868qs75uwp.fsf@HIDDEN>
Content-Language: en-US
From: Dmitry Gutov <dmitry@HIDDEN>
In-Reply-To: <868qs75uwp.fsf@HIDDEN>
Cc: jm@HIDDEN, stefankangas@HIDDEN, 75017 <at> debbugs.gnu.org

On 22/12/2024 22:23, Eli Zaretskii wrote:
>> And Emacs will load whatever's written there on the next restart.
>> Whether the user wrote to those files, or someone else.
> Yes, and your point is..?

That whatever malicious code we try to protect against using the 
"trusted content" mechanism would be executed anyway.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Date: Sun, 22 Dec 2024 22:23:34 +0200
Message-Id: <868qs75uwp.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Dmitry Gutov <dmitry@HIDDEN>
In-Reply-To: <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN> (message from
 Dmitry Gutov on Sun, 22 Dec 2024 21:52:28 +0200)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN> <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
Cc: jm@HIDDEN, stefankangas@HIDDEN, 75017 <at> debbugs.gnu.org

> Date: Sun, 22 Dec 2024 21:52:28 +0200
> Cc: jm@HIDDEN, 75017 <at> debbugs.gnu.org
> From: Dmitry Gutov <dmitry@HIDDEN>
> 
> On 22/12/2024 20:38, Eli Zaretskii wrote:
> > And let's not forget that various packages write to the init files, so
> > not everything there was written by the user.
> 
> And Emacs will load whatever's written there on the next restart. 
> Whether the user wrote to those files, or someone else.

Yes, and your point is..?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Message-ID: <9a4969f4-858e-4493-a69f-8ca9b2861917@HIDDEN>
Date: Sun, 22 Dec 2024 21:52:28 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>, Stefan Kangas <stefankangas@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 <86ldw75zrd.fsf@HIDDEN>
Content-Language: en-US
From: Dmitry Gutov <dmitry@HIDDEN>
In-Reply-To: <86ldw75zrd.fsf@HIDDEN>
Cc: jm@HIDDEN, 75017 <at> debbugs.gnu.org

On 22/12/2024 20:38, Eli Zaretskii wrote:
> And let's not forget that various packages write to the init files, so
> not everything there was written by the user.

And Emacs will load whatever's written there on the next restart. 
Whether the user wrote to those files, or someone else.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


From: Drew Adams <drew.adams@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>, Stefan Kangas <stefankangas@HIDDEN>
Subject: RE: [External] : bug#75017: 31.0.50; Untrusted user lisp files
Thread-Topic: [External] : bug#75017: 31.0.50; Untrusted user lisp files
Thread-Index: AQHbVKFGWxTC27GyY0Kxav4Dx1QxjLLymYaQ
Date: Sun, 22 Dec 2024 18:47:49 +0000
Message-ID: <DS7PR10MB52324BF27649DC00B056B193F3012@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
 <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
 <86ikrb5zms.fsf@HIDDEN>
In-Reply-To: <86ikrb5zms.fsf@HIDDEN>
Cc: "acorallo@HIDDEN" <acorallo@HIDDEN>,
 "monnier@HIDDEN" <monnier@HIDDEN>,
 "jm@HIDDEN" <jm@HIDDEN>, "75017 <at> debbugs.gnu.org" <75017 <at> debbugs.gnu.org>

(Apologies for not following this thread.)

If this is about Emacs claiming/suggesting
that something is trusted or untrusted, I'd
say we're better off saying only that Emacs
CANNOT vouch for the thing to be trusted.

That's better than claiming that something
can't be trusted.  And it's _much_ better
than claiming that something _can_ be trusted.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 18:41:51 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 22 13:41:51 2024
Received: from localhost ([127.0.0.1]:51882 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPQtj-0002p0-Eh
	for submit <at> debbugs.gnu.org; Sun, 22 Dec 2024 13:41:51 -0500
Received: from eggs.gnu.org ([209.51.188.92]:56508)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tPQtg-0002ol-QQ
 for 75017 <at> debbugs.gnu.org; Sun, 22 Dec 2024 13:41:49 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tPQtb-0004HX-K3; Sun, 22 Dec 2024 13:41:43 -0500
Date: Sun, 22 Dec 2024 20:41:31 +0200
Message-Id: <86ikrb5zms.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
 (message from Stefan Kangas on Sun, 22 Dec 2024 17:36:15 +0000)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
 <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: acorallo@HIDDEN, jm@HIDDEN, monnier@HIDDEN,
 75017 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> From: Stefan Kangas <stefankangas@HIDDEN>
> Date: Sun, 22 Dec 2024 17:36:15 +0000
> Cc: jm@HIDDEN, 75017 <at> debbugs.gnu.org, acorallo@HIDDEN
> 
> Eli Zaretskii <eliz@HIDDEN> writes:
> 
> >> From: Stefan Monnier <monnier@HIDDEN>
> >> Cc: john muhl <jm@HIDDEN>,  75017 <at> debbugs.gnu.org,  Eli Zaretskii
> >>  <eliz@HIDDEN>,  Andrea Corallo <acorallo@HIDDEN>
> >> Date: Sat, 21 Dec 2024 22:16:05 -0500
> >>
> >> > Maybe we should install something like the below?
> >>
> >> Fine by me, but I think this should be added via a new
> >> `trusted-content-function(s)` and added buffer-locally only in
> >> elisp-mode buffers.
> >
> > Sorry, but this is a slippery slope.  For starters, no one said that
> > site-run-file is installed by a sysadmin -- that is only so on certain
> > systems.  For example, MS-Windows is generally not in that category.
> 
> It doesn't matter who can edit it.  `site-run-file` is already trusted,
> since it is loaded at run-time before `user-init-file`.

It is loaded if it is there.  On my system, there's no such file, and
I don't expect to have it.  So if such a file somehow materializes
there, I want to know, pronto.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 18:41:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 22 13:41:08 2024
Received: from localhost ([127.0.0.1]:51877 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPQt2-0002nw-03
	for submit <at> debbugs.gnu.org; Sun, 22 Dec 2024 13:41:08 -0500
Received: from eggs.gnu.org ([209.51.188.92]:59062)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tPQsy-0002nI-Ko
 for 75017 <at> debbugs.gnu.org; Sun, 22 Dec 2024 13:41:06 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tPQqm-00036L-86; Sun, 22 Dec 2024 13:38:48 -0500
Date: Sun, 22 Dec 2024 20:38:46 +0200
Message-Id: <86ldw75zrd.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
 (message from Stefan Kangas on Sun, 22 Dec 2024 17:20:13 +0000)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
 <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: jm@HIDDEN, 75017 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> From: Stefan Kangas <stefankangas@HIDDEN>
> Date: Sun, 22 Dec 2024 17:20:13 +0000
> Cc: 75017 <at> debbugs.gnu.org
> 
> Eli Zaretskii <eliz@HIDDEN> writes:
> 
> > No, not IMO.  Please add those files you know you can trust to the
> > list of trusted files, and let's see if that works well for you.  If,
> > after you have used that for some time, you have observations to
> > report or changes to suggest, please do, but let's please base such
> > observations on some sufficiently significant (read: long enough)
> > experience.
> >
> >> What about files put in place by a system admin or your distro’s
> >> Emacs package (e.g. site-run-file, default.el)? They generally
> >> require root privileges to install so if they can’t be trusted
> >> you’re already in trouble.
> >
> > On my system, these files do not need any admin privileges, so I don't
> > think we should trust them by default.  Users who know that these
> > files are modified only by trusted admins can and probably should add
> > them to the list of trusted files, if they need that (in general,
> > there should be no need to run Flymake in those files, in which case
> > these files don't need to be added even if they are trusted).
> 
> I don't think it's meaningful to consider them as not
> `trusted-content-p`, when we automatically load these files into any
> running Emacs session.

No, we don't load anything.  It's the user who tells us whether to
load these files, by placing them in those locations and naming them
according to what Emacs looks for.  It's up to the user to tell us
whether everything in those files is trustworthy.

And let's not forget that various packages write to the init files, so
not everything there was written by the user.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 17:37:19 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 22 12:37:19 2024
Received: from localhost ([127.0.0.1]:51791 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPPtG-0008N4-NU
	for submit <at> debbugs.gnu.org; Sun, 22 Dec 2024 12:37:19 -0500
Received: from mail-ej1-f44.google.com ([209.85.218.44]:54781)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <stefankangas@HIDDEN>) id 1tPPtE-0008Mv-Mv
 for 75017 <at> debbugs.gnu.org; Sun, 22 Dec 2024 12:37:17 -0500
Received: by mail-ej1-f44.google.com with SMTP id
 a640c23a62f3a-aa6a92f863cso339812966b.1
 for <75017 <at> debbugs.gnu.org>; Sun, 22 Dec 2024 09:37:16 -0800 (PST)
X-Received: by 2002:a17:907:94c1:b0:aa6:8096:2048 with SMTP id
 a640c23a62f3a-aac2ad825e0mr906538866b.17.1734888975529; Sun, 22 Dec 2024
 09:36:15 -0800 (PST)
Received: from 753933720722 named unknown by gmailapi.google.com with
 HTTPREST; Sun, 22 Dec 2024 17:36:15 +0000
From: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <86h66w6yam.fsf@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> <86h66w6yam.fsf@HIDDEN>
MIME-Version: 1.0
Date: Sun, 22 Dec 2024 17:36:15 +0000
Message-ID: <CADwFkmkAqcREmnqCodxgbS9uCVRHNmbtugJvRkpZLqZEgqonUA@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>, Stefan Monnier <monnier@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75017
Cc: acorallo@HIDDEN, jm@HIDDEN, 75017 <at> debbugs.gnu.org
X-Spam-Score: -1.0 (-)

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: Stefan Monnier <monnier@HIDDEN>
>> Cc: john muhl <jm@HIDDEN>,  75017 <at> debbugs.gnu.org,  Eli Zaretskii
>>  <eliz@HIDDEN>,  Andrea Corallo <acorallo@HIDDEN>
>> Date: Sat, 21 Dec 2024 22:16:05 -0500
>>
>> > Maybe we should install something like the below?
>>
>> Fine by me, but I think this should be added via a new
>> `trusted-content-function(s)` and added buffer-locally only in
>> elisp-mode buffers.
>
> Sorry, but this is a slippery slope.  For starters, no one said that
> site-run-file is installed by a sysadmin -- that is only so on certain
> systems.  For example, MS-Windows is generally not in that category.

It doesn't matter who can edit it.  `site-run-file` is already trusted,
since it is loaded at run-time before `user-init-file`.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 17:21:21 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 22 12:21:21 2024
Received: from localhost ([127.0.0.1]:51705 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPPdp-0007Vm-CL
	for submit <at> debbugs.gnu.org; Sun, 22 Dec 2024 12:21:21 -0500
Received: from mail-ed1-f47.google.com ([209.85.208.47]:58841)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <stefankangas@HIDDEN>) id 1tPPdn-0007VR-NJ
 for 75017 <at> debbugs.gnu.org; Sun, 22 Dec 2024 12:21:20 -0500
Received: by mail-ed1-f47.google.com with SMTP id
 4fb4d7f45d1cf-5cecbddb574so5513000a12.1
 for <75017 <at> debbugs.gnu.org>; Sun, 22 Dec 2024 09:21:19 -0800 (PST)
X-Received: by 2002:a05:6402:2692:b0:5d0:cfdd:2ac1 with SMTP id
 4fb4d7f45d1cf-5d81ddd67b2mr8090569a12.6.1734888013719; Sun, 22 Dec 2024
 09:20:13 -0800 (PST)
Received: from 753933720722 named unknown by gmailapi.google.com with
 HTTPREST; Sun, 22 Dec 2024 17:20:13 +0000
From: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <86frmg6xzf.fsf@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN> <86frmg6xzf.fsf@HIDDEN>
MIME-Version: 1.0
Date: Sun, 22 Dec 2024 17:20:13 +0000
Message-ID: <CADwFkm=u2VALLXnYXEtU6fZxBg01449q8FSc5XdAFcv638kfxA@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: Eli Zaretskii <eliz@HIDDEN>, john muhl <jm@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 75017
Cc: 75017 <at> debbugs.gnu.org
X-Spam-Score: -1.0 (-)

Eli Zaretskii <eliz@HIDDEN> writes:

>> From: john muhl <jm@HIDDEN>
>> Date: Sat, 21 Dec 2024 14:48:52 -0600
>>
>> user-init-file is trusted by default but not other user files.
>>
>>   C-xf ~/.emacs.d/early-init.el
>>   M-x flymake-mode
>>
>> Produces a warning:
>>
>>   Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)
>>
>> custom-file (when not the same as user-init-file) also causes a
>> warning. Should these also be trusted by default?
>
> No, not IMO.  Please add those files you know you can trust to the
> list of trusted files, and let's see if that works well for you.  If,
> after you have used that for some time, you have observations to
> report or changes to suggest, please do, but let's please base such
> observations on some sufficiently significant (read: long enough)
> experience.
>
>> What about files put in place by a system admin or your distro’s
>> Emacs package (e.g. site-run-file, default.el)? They generally
>> require root privileges to install so if they can’t be trusted
>> you’re already in trouble.
>
> On my system, these files do not need any admin privileges, so I don't
> think we should trust them by default.  Users who know that these
> files are modified only by trusted admins can and probably should add
> them to the list of trusted files, if they need that (in general,
> there should be no need to run Flymake in those files, in which case
> these files don't need to be added even if they are trusted).

I don't think it's meaningful to consider them as not
`trusted-content-p`, when we automatically load these files into any
running Emacs session.

> Btw, if we are talking about trusted admins, then entire directories
> should be trusted, for example /usr/share or /usr/share/emacs.

Yes, though we'd have to discuss which directories those are;
`load-path` and `source-directory` are two candidates.

> There's a reason why we didn't do that by default.

My understanding is that we just didn't consider all of these cases.
At least I didn't.

If others did, it wasn't sufficiently explicit for me to notice.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 06:19:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 22 01:19:43 2024
Received: from localhost ([127.0.0.1]:48788 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPFJW-0000MP-Ua
	for submit <at> debbugs.gnu.org; Sun, 22 Dec 2024 01:19:43 -0500
Received: from eggs.gnu.org ([209.51.188.92]:49736)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tPFJU-0000MC-PP
 for 75017 <at> debbugs.gnu.org; Sun, 22 Dec 2024 01:19:41 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tPFJP-0000nL-JN; Sun, 22 Dec 2024 01:19:35 -0500
Date: Sun, 22 Dec 2024 08:19:32 +0200
Message-Id: <86frmg6xzf.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: john muhl <jm@HIDDEN>
In-Reply-To: <87bjx43gp7.fsf@HIDDEN> (message from john muhl on Sat, 21 Dec
 2024 14:48:52 -0600)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN>
MIME-version: 1.0
Content-type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: 75017 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> From: john muhl <jm@HIDDEN>
> Date: Sat, 21 Dec 2024 14:48:52 -0600
> 
> user-init-file is trusted by default but not other user files.
> 
>   C-xf ~/.emacs.d/early-init.el
>   M-x flymake-mode
> 
> Produces a warning:
> 
>   Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)
> 
> custom-file (when not the same as user-init-file) also causes a
> warning. Should these also be trusted by default?

No, not IMO.  Please add those files you know you can trust to the
list of trusted files, and let's see if that works well for you.  If,
after you have used that for some time, you have observations to
report or changes to suggest, please do, but let's please base such
observations on some sufficiently significant (read: long enough)
experience.

> What about files put in place by a system admin or your distro’s
> Emacs package (e.g. site-run-file, default.el)? They generally
> require root privileges to install so if they can’t be trusted
> you’re already in trouble.

On my system, these files do not need any admin privileges, so I don't
think we should trust them by default.  Users who know that these
files are modified only by trusted admins can and probably should add
them to the list of trusted files, if they need that (in general,
there should be no need to run Flymake in those files, in which case
these files don't need to be added even if they are trusted).

Btw, if we are talking about trusted admins, then entire directories
should be trusted, for example /usr/share or /usr/share/emacs.
There's a reason why we didn't do that by default.
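
Added example, not part of any message in this thread and not Emacs's own code: one way to follow the advice above (add known-good files to the trusted list yourself) while also surfacing any site-run-file or default.el that Emacs finds, which a later reply in this thread asks to be told about. It assumes Emacs 30 or later, where the `trusted-content` user option exists, and POSIX ownership and permission bits; every `my/` name is hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example: not Emacs's own code and not from any message in this thread.
;; Assumes Emacs 30+ (`trusted-content') and POSIX ownership/permission bits.
;; Every `my/' name is hypothetical.

(defun my/tamper-resistant-p (file)
  "Return non-nil if only the current user or root can modify FILE.
Both FILE and its containing directory must be owned by the current
user or by uid 0 and must not be group- or world-writable.  Ancestor
directories further up are not checked."
  (let* ((true (file-truename file))    ; resolve symlinks first
         (ok (file-exists-p true)))
    (dolist (f (list true (file-name-directory true)))
      (let ((attrs (file-attributes f 'integer))
            (modes (file-modes f)))
        (unless (and attrs modes
                     (member (file-attribute-user-id attrs)
                             (list 0 (user-uid)))
                     (zerop (logand modes #o022)))
          (setq ok nil))))
    ok))

(defun my/trust-own-startup-files ()
  "Add the early-init file and `custom-file' to `trusted-content'.
A file is added only when it exists and passes `my/tamper-resistant-p'.
Return the list of existing files that were refused.  Do nothing when
`trusted-content' is already `:all'."
  (let (refused)
    (unless (eq trusted-content :all)
      (dolist (file (delq nil (list early-init-file custom-file)))
        (when (file-exists-p file)
          (if (my/tamper-resistant-p file)
              ;; Entries are expected to be abbreviated names ("~/...").
              (add-to-list 'trusted-content
                           (abbreviate-file-name (file-truename file)))
            (push file refused)))))
    (nreverse refused)))

(defun my/site-startup-files ()
  "Return an alist (PATH . TAMPER-RESISTANT-P) of site files found on `load-path'.
Looks up `site-run-file' and the \"default\" library.  Nothing is added
to `trusted-content'; the result is only meant to be reported."
  (let (found)
    (dolist (lib (delq nil (list site-run-file "default")))
      (let ((path (locate-library lib)))
        (when path
          (push (cons path (my/tamper-resistant-p path)) found))))
    (nreverse found)))

(defun my/review-startup-trust ()
  "Trust the user's own startup files and warn about anything unexpected."
  (dolist (file (my/trust-own-startup-files))
    (display-warning
     'my-trust
     (format "Not adding %s to `trusted-content': it or its directory is writable by others"
             file)))
  (dolist (entry (my/site-startup-files))
    (display-warning
     'my-trust
     (format "Site startup file present: %s%s"
             (car entry)
             (if (cdr entry) "" " (modifiable by other users)")))))

;; Run once per session, after the init files have been loaded.
(add-hook 'emacs-startup-hook #'my/review-startup-trust)
```

On systems where a site-start file is expected, drop the second loop or warn only when the `cdr` of an entry is nil.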




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 06:13:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Dec 22 01:13:02 2024
Received: from localhost ([127.0.0.1]:48775 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPFD3-0008WH-Gb
	for submit <at> debbugs.gnu.org; Sun, 22 Dec 2024 01:13:01 -0500
Received: from eggs.gnu.org ([209.51.188.92]:48760)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1tPFD1-0008Vv-AM
 for 75017 <at> debbugs.gnu.org; Sun, 22 Dec 2024 01:13:00 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eliz@HIDDEN>)
 id 1tPFCu-0007ZL-SQ; Sun, 22 Dec 2024 01:12:52 -0500
Date: Sun, 22 Dec 2024 08:12:49 +0200
Message-Id: <86h66w6yam.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>
In-Reply-To: <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN> (message from Stefan
 Monnier on Sat, 21 Dec 2024 22:16:05 -0500)
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN>
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 75017
Cc: acorallo@HIDDEN, jm@HIDDEN, stefankangas@HIDDEN,
 75017 <at> debbugs.gnu.org
X-Spam-Score: -3.3 (---)

> From: Stefan Monnier <monnier@HIDDEN>
> Cc: john muhl <jm@HIDDEN>,  75017 <at> debbugs.gnu.org,  Eli Zaretskii
>  <eliz@HIDDEN>,  Andrea Corallo <acorallo@HIDDEN>
> Date: Sat, 21 Dec 2024 22:16:05 -0500
> 
> > Maybe we should install something like the below?
> 
> Fine by me, but I think this should be added via a new
> `trusted-content-function(s)` and added buffer-locally only in
> elisp-mode buffers.

Sorry, but this is a slippery slope.  For starters, no one said that
site-run-file is installed by a sysadmin -- that is only so on certain
systems.  For example, MS-Windows is generally not in that category.

More generally, if we go this way, i.e. every complaint by some user
about a file that _could_ be trusted, or even is trusted on a group of
systems, causes us to add more and more files and directories to the
trusted list, there will be no end to this, and, significantly, Emacs
30 will never be released.

So from where I stand, what we have now on the latest emacs-30 branch
is as good and as far as it gets, at least for Emacs 30.  My
suggestion to anyone who wants additional files/directories to vet is to
please use the existing facilities to add them to the trusted list.
This way, we collect experience and data points regarding which
files/directories and under what conditions should be trusted, and can
improve what we have now in the future.  At that future time we should
probably ask users to name the files and directories they needed to
add to the trusted list, and take it from there, making changes which
will take that into account.

If you still insist on installing such changes at this time, please do
that on master.  My preference is to wait with this until we have
enough experience with what we have, which means not before Emacs 30.1
is released and a couple of months go by.  But if people insist on
installing now on master, I won't object.

Thanks.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.

Message received at 75017 <at> debbugs.gnu.org:


Received: (at 75017) by debbugs.gnu.org; 22 Dec 2024 03:16:15 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Dec 21 22:16:15 2024
Received: from localhost ([127.0.0.1]:48581 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1tPCRz-0000Cq-F4
	for submit <at> debbugs.gnu.org; Sat, 21 Dec 2024 22:16:15 -0500
Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:21641)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <monnier@HIDDEN>) id 1tPCRy-0000Cd-5R
 for 75017 <at> debbugs.gnu.org; Sat, 21 Dec 2024 22:16:14 -0500
Received: from pmg3.iro.umontreal.ca (localhost [127.0.0.1])
 by pmg3.iro.umontreal.ca (Proxmox) with ESMTP id 998ED4421B6;
 Sat, 21 Dec 2024 22:16:08 -0500 (EST)
Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg3.iro.umontreal.ca (Proxmox) with ESMTP id A42E04421C8;
 Sat, 21 Dec 2024 22:16:07 -0500 (EST)
Received: from asado (unknown [199.119.74.1])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id 1982F12055E;
 Sat, 21 Dec 2024 22:16:06 -0500 (EST)
From: Stefan Monnier <monnier@HIDDEN>
To: Stefan Kangas <stefankangas@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
In-Reply-To: <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
 (Stefan Kangas's message of "Sun, 22 Dec 2024 02:47:45 +0000")
Message-ID: <jwv4j2wcsvj.fsf-monnier+emacs@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN>
 <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
Date: Sat, 21 Dec 2024 22:16:05 -0500
Cc: Andrea Corallo <acorallo@HIDDEN>, Eli Zaretskii <eliz@HIDDEN>,
 john muhl <jm@HIDDEN>, 75017 <at> debbugs.gnu.org

> Maybe we should install something like the below?

Fine by me, but I think this should be added via a new
`trusted-content-function(s)` and added buffer-locally only in
elisp-mode buffers.


        Stefan







Message received at 75017 <at> debbugs.gnu.org:


From: Stefan Kangas <stefankangas@HIDDEN>
In-Reply-To: <87bjx43gp7.fsf@HIDDEN>
References: <87bjx43gp7.fsf@HIDDEN>
MIME-Version: 1.0
Date: Sun, 22 Dec 2024 02:47:45 +0000
Message-ID: <CADwFkmk-W0ijE_4T0LMc3wqcp8BojQsb-+i998W6kZ2Hqnb2Wg@HIDDEN>
Subject: Re: bug#75017: 31.0.50; Untrusted user lisp files
To: john muhl <jm@HIDDEN>, 75017 <at> debbugs.gnu.org
Cc: Eli Zaretskii <eliz@HIDDEN>, Andrea Corallo <acorallo@HIDDEN>,
 Stefan Monnier <monnier@HIDDEN>

john muhl <jm@HIDDEN> writes:

> user-init-file is trusted by default but not other user files.
>
>   C-xf ~/.emacs.d/early-init.el
>   M-x flymake-mode
>
> Produces a warning:
>
>   Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)
>
> custom-file (when not the same as user-init-file) also causes a
> warning. Should these also be trusted by default?
>
> What about files put in place by a system admin or your distro’s
> Emacs package (e.g. site-run-file, default.el)? They generally
> require root privileges to install so if they can’t be trusted
> you’re already in trouble.

Makes sense to me.

Maybe we should install something like the below?

diff --git a/lisp/files.el b/lisp/files.el
index c92fc0608dd..293f3c59c0d 100644
--- a/lisp/files.el
+++ b/lisp/files.el
@@ -748,10 +748,16 @@ trusted-content-p
          (with-demoted-errors "trusted-content-p: %S"
            (let ((exists (file-exists-p buffer-file-truename)))
              (or
-              ;; We can't avoid trusting the user's init file.
-              (if (and exists user-init-file)
-                  (file-equal-p buffer-file-truename user-init-file)
-                (equal buffer-file-truename user-init-file))
+              ;; We can't avoid trusting the user's init file, etc.
+              (memq t
+                    (mapcar
+                     (lambda (file)
+                       (if (and exists file)
+                           (file-equal-p buffer-file-truename file)
+                         (equal buffer-file-truename file)))
+                     (list user-init-file
+                           early-init-file
+                           site-run-file)))
               (let ((file (abbreviate-file-name buffer-file-truename))
                     (trusted nil))
                 (dolist (tf trusted-content)
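
Review bot: In the added `(list user-init-file early-init-file site-run-file)`, `site-run-file` is compared as though it were a file name, but it normally holds a library name (its default is "site-start") that `load` resolves through `load-path`. Passed to `file-equal-p` or `equal` against `buffer-file-truename`, it will not match the installed site file, and as a relative name it would be resolved against `default-directory`, so an unrelated file of that name beside the visited buffer could compare equal and be treated as trusted. Resolve it to an absolute file name first (for example with `locate-library`) and skip it when that yields nil. Separately, `(memq t (mapcar ...))` runs all three comparisons even after a match and depends on each returning exactly `t`; a loop that stops at the first non-nil result would be clearer. The report also mentions `custom-file` and `default.el`, which this list does not cover.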





Message received at submit <at> debbugs.gnu.org:


From: john muhl <jm@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Subject: 31.0.50; Untrusted user lisp files
Date: Sat, 21 Dec 2024 14:48:52 -0600
Message-ID: <87bjx43gp7.fsf@HIDDEN>

user-init-file is trusted by default but not other user files.

  C-xf ~/.emacs.d/early-init.el
  M-x flymake-mode

Produces a warning:

  Disabling elisp-flymake-byte-compile in early-init.el (untrusted content)

custom-file (when not the same as user-init-file) also causes a
warning. Should these also be trusted by default?

What about files put in place by a system admin or your distro’s
Emacs package (e.g. site-run-file, default.el)? They generally
require root privileges to install so if they can’t be trusted
you’re already in trouble.




In GNU Emacs 31.0.50 (build 87, x86_64-pc-linux-gnu, GTK+ Version
 3.24.43, cairo version 1.18.2) of 2024-12-21 built on thelio
 Repository revision: ff4fcfc92cd80c9dbc68855549102d07ef419268
 Repository branch: master
 System Description: Fedora
 Linux 41 (Workstation Edition)

Configured using:
 'configure --with-pgtk --prefix=/home/jm/opt'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ
JPEG LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 MODULES NATIVE_COMP
NOTIFY INOTIFY PDUMPER PGTK PNG RSVG SECCOMP SOUND SQLITE3 THREADS
TIFF TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM GTK3 ZLIB

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: ELisp/l

Minor modes in effect:
  server-mode: t
  bug-reference-prog-mode: t
  bug-reference-mode: t
  completion-preview-mode: t
  outline-minor-mode: t
  ruler-mode: t
  winner-mode: t
  savehist-mode: t
  repeat-mode: t
  midnight-mode: t
  global-visual-wrap-prefix-mode: t
  visual-wrap-prefix-mode: t
  global-paren-face-mode: t
  paren-face-mode: t
  global-goto-address-mode: t
  goto-address-mode: t
  global-auto-revert-mode: t
  electric-pair-mode: t
  dynamic-completion-mode: t
  desktop-save-mode: t
  delete-selection-mode: t
  auto-insert-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-quote-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  context-menu-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  minibuffer-regexp-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  auto-save-visited-mode: t

Load-path shadows:
None found.


Memory information:
((conses 16 4219242 387989) (symbols 48 31297 4)
 (strings 32 279165 15056) (string-bytes 1 12853103)
 (vectors 16 57830) (vector-slots 8 656011 595942) (floats 8 646 3216)
 (intervals 56 848446 3470) (buffers 992 79))




Acknowledgement sent to john muhl <jm@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#75017; Package emacs. Full text available.
Last modified: Sun, 12 Jan 2025 05:45:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.