Add support for --seccomp command-line option.scratch/seccomp-emacs-open

When passing this option on GNU/Linux, Emacs installs a Secure Computing kernel system call filter. See Bug#45198. * configure.ac: Check for seccomp header. * src/emacs.c (usage_message): Document --seccomp option. (emacs_seccomp): New wrapper for 'seccomp' syscall. (load_seccomp, maybe_load_seccomp): New helper functions. (main): Potentially load seccomp filters during startup. (standard_args): Add --seccomp option. * lisp/startup.el (command-line): Detect and ignore --seccomp option. * test/src/emacs-tests.el (emacs-tests/seccomp/absent-file) (emacs-tests/seccomp/empty-file) (emacs-tests/seccomp/file-too-large) (emacs-tests/seccomp/invalid-file-size): New unit tests. (emacs-tests--with-temp-file): New helper macro. * etc/NEWS: Document new --seccomp option.
author: Philipp Stephani 2020-12-14 21:25:11 +0100
committer: Philipp Stephani 2021-04-10 18:47:26 +0200
commit: be8328acf9aa464f848e682e63e417a18529af9e (patch)
tree: b7f8191920af5e326b2a2feac9ddbeb8551fadba /etc
parent: 53dfd85a7f971875e716a55f010ee508bce89eed (diff)
download: emacs-scratch/seccomp-emacs-open.tar.gz
emacs-scratch/seccomp-emacs-open.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/NEWS b/etc/NEWS
index 9ae37404823..0956084fc1a 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -90,6 +90,16 @@ lacks the terminfo database, you can instruct Emacs to support 24-bit
 true color by setting 'COLORTERM=truecolor' in the environment.  This is
 useful on systems such as FreeBSD which ships only with "etc/termcap".
+** On GNU/Linux systems, Emacs now supports loading a Secure Computing
+filter.  To use this, you can pass a --seccomp=FILE command-line
+option to Emacs.  FILE must name a binary file containing an array of
+'struct sock_filter' structures.  Emacs will then install that list of
+Secure Computing filters into its own process early during the startup
+process.  You can use this functionality to put an Emacs process in a
+sandbox to avoid security issues when executing untrusted code.  See
+the manual page for 'seccomp' for details about Secure Computing
+filters.
 * Changes in Emacs 28.1
author	Philipp Stephani	2020-12-14 21:25:11 +0100
committer	Philipp Stephani	2021-04-10 18:47:26 +0200
commit	be8328acf9aa464f848e682e63e417a18529af9e (patch)
tree	b7f8191920af5e326b2a2feac9ddbeb8551fadba /etc
parent	53dfd85a7f971875e716a55f010ee508bce89eed (diff)
download	emacs-scratch/seccomp-emacs-open.tar.gz emacs-scratch/seccomp-emacs-open.zip

diff --git a/etc/NEWS b/etc/NEWS index 9ae37404823..0956084fc1a 100644 --- a/etc/NEWS +++ b/etc/NEWS
@@ -90,6 +90,16 @@ lacks the terminfo database, you can instruct Emacs to support 24-bit
90	true color by setting 'COLORTERM=truecolor' in the environment. This is	90	true color by setting 'COLORTERM=truecolor' in the environment. This is
91	useful on systems such as FreeBSD which ships only with "etc/termcap".	91	useful on systems such as FreeBSD which ships only with "etc/termcap".
92		92
		93	** On GNU/Linux systems, Emacs now supports loading a Secure Computing
		94	filter. To use this, you can pass a --seccomp=FILE command-line
		95	option to Emacs. FILE must name a binary file containing an array of
		96	'struct sock_filter' structures. Emacs will then install that list of
		97	Secure Computing filters into its own process early during the startup
		98	process. You can use this functionality to put an Emacs process in a
		99	sandbox to avoid security issues when executing untrusted code. See
		100	the manual page for 'seccomp' for details about Secure Computing
		101	filters.
		102
93		103
94	* Changes in Emacs 28.1	104	* Changes in Emacs 28.1
95		105