Re: [CEDET-devel] error: Attempt to load an unsafe project (bug elsewhere in EDE)
Brought to you by:
zappo
From: Eric M. L. <er...@si...> - 2013-03-03 02:42:07
|
On 02/25/2013 03:56 PM, Lluís wrote: > Eric M Ludlam writes: [...] >>> ede-generic-load ede-generic-makefile-project t nil nil] "/project-root/")) >>> ede-auto-load-project([object ede-project-autoload "generic-makefile" "Make" ede/generic "Makefile" "" unbound nil ede-generic-load ede-generic-makefile-project t nil nil] "/project-root/") > >> This shows that it is using the "generic makefile" project autoloader. All the >> "generic" project types are unsafe because they might load a configuration save >> file. I didn't have time to add safety checking as a separate entity for >> generic project types, so I just used the generic safety feature instead. > > But shouldn't it be unsafe only when actually loading a config file? What I mean > is, shouldn't the check instead be on the routine that actually loads a > Project.ede file? Yes, that is correct. At the time I didn't have a way to make that safe using the EDE question asking feature so I just marked the whole thing as unsafe. The new eieio file loader is much safer than it was, but it is unclear to me if there is a willingness to trust it on the part of the Emacs maintainers. If it is trustable, then we can just make these generic projects safe again. I think this would be ok because the generic projects load the configuration denying subclasses of the loaded configuration, so there is no way a malicious ede config could get loaded unless the attacker already loaded in some arbitrary lisp code, in which case the EDE file doesn't matter. Perhaps David has some thoughts on the security issue that could help decide if that is ok. Eric |