From: Lars Ingebrigtsen <larsi@gnus.org>
To: Eli Zaretskii <eliz@gnu.org>
Cc: Stefan Kangas <stefan@marxist.se>, 19565@debbugs.gnu.org
Subject: bug#19565: Emacs vulnerable to endless-data attack (minor)
Date: Mon, 07 Oct 2019 03:51:35 +0200 [thread overview]
Message-ID: <874l0le314.fsf@gnus.org> (raw)
In-Reply-To: <83a7ad3hlf.fsf@gnu.org> (Eli Zaretskii's message of "Sun, 06 Oct 2019 20:32:28 +0300")
Eli Zaretskii <eliz@gnu.org> writes:
>> I think this affects more than just package.el. AFAICT, anywhere we
>> use the url library, an endless data attack can get Emacs to fill up
>> all available memory (wasting also bandwidth resources, of course).
>
> At which point the system will kill the Emacs process. Why is that a
> problem we need to work, given that we already have at least some
> protection against stack overflows and running out of memory?
It's not something we have to do, but it would be nice to have some
protection against this.
>> For example, a new keyword argument :max-size, which would make it
>> stop after having reached that many bytes.
>
> The Gnu Coding Standards frown on having arbitrary limits in a
> program. So this could only work if we had some reasonable way of
> computing a limit that is not arbitrary.
I think it would perhaps make some sense to warn (or query) the user if
you get more data than `large-file-warning-threshold'. I think it would
be pretty trivial to implement -- at least in the new with-fetched-url
interface, which I think is where this pretty theoretical problem is
least theoretical, perhaps?
On the other hand, I could see that in some ways it would be easier to
implement in wait_reading_process_output: We could just maintain a byte
counter in the process objects (if we don't do that already) and have a
callback we call if that counter grows larger than
`large-file-warning-threshold'.
That way Emacs wouldn't be open to flooding from, say, rogue SMTP
servers, either.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
next prev parent reply other threads:[~2019-10-07 1:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-11 11:12 bug#19565: Emacs vulnerable to endless-data attack (minor) Kelly Dean
2015-01-11 18:33 ` Richard Stallman
2015-01-11 21:18 ` Kelly Dean
2019-10-06 3:13 ` Stefan Kangas
2019-10-06 17:32 ` Eli Zaretskii
2019-10-07 1:51 ` Lars Ingebrigtsen [this message]
2019-10-07 12:50 ` Stefan Kangas
2019-10-07 16:13 ` Eli Zaretskii
2019-10-08 16:27 ` Lars Ingebrigtsen
2019-10-08 16:47 ` Eli Zaretskii
2019-10-08 16:50 ` Stefan Kangas
2019-10-08 17:22 ` Eli Zaretskii
2019-10-08 17:38 ` Stefan Kangas
2019-10-08 18:02 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874l0le314.fsf@gnus.org \
--to=larsi@gnus.org \
--cc=19565@debbugs.gnu.org \
--cc=eliz@gnu.org \
--cc=stefan@marxist.se \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).