Towards trust in Emacs(eshelyaron.com)
59 points by eshelyaron 2 days ago | 4 comments
accelbred 14 minutes ago
The one problem I have with the trusted files thing is that I have no way to trust non-file-visiting buffers. Why is *scratch* untrusted!? *scratch* should always be trusted, without me having to configure anything, ideally. Though a setting to automatically trust non-file-visiting buffers would be nice. I just ended up stopping using the scratch buffer because of that issue.
2 hours ago
like_any_other 1 hour ago
It's getting so very old - all I want out of a process is code autocomplete, but I have to grant it read & write permission to my entire disk and network. When do we get good permissions and sandboxing and isolation? This can't go on.
nextos 29 minutes ago
I agree granting processes permission to read any file is unsustainable.

In Linux, sandboxing with Firejail and bwrap is quite easy to configure and allows fine-grained permissions.

Also, the new Landlock LSM and LSM-eBPF are quite promising.

boxedemp 1 hour ago
I build my own. Maybe I nee to externalize it...
2 hours ago