From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stephen Leake <stephen_leake@stephe-leake.org>
Newsgroups: gmane.emacs.devel
Subject: Re: emacs-dynamic-module in Emacs Git?
Date: Wed, 03 Dec 2014 15:11:05 -0600
Message-ID: <85tx1cqw0m.fsf@stephe-leake.org>
References: <m3zjbqouyk.fsf@stories.gnus.org>
	<87wq6tu5m5.fsf@kima.orebokech.com>
	<jwva93pptp5.fsf-monnier+emacs@gnu.org>
	<85h9xwhpy9.fsf@stephe-leake.org>
	<jwv7fysmrvy.fsf-monnier+emacs@gnu.org> <87k32sh50f.fsf@lifelogs.com>
	<85tx1rg64e.fsf_-_@stephe-leake.org>
	<jwvbnnzxmo7.fsf-monnier+emacs@gnu.org> <87siha7r3b.fsf@lifelogs.com>
	<CA+5B0FORNxYB0zbzfhbRmik+PK5JwiqbBj6jaqRCgW83RDg_7Q@mail.gmail.com>
	<CA+5B0FP7Vn8-5zQYzN0fHqu_Hbz1jU6J1ON1+kAHr6cyLEP3qQ@mail.gmail.com>
	<87lhmz4mtj.fsf@lifelogs.com>
	<CA+5B0FO7ikc-vaJAUqZtnhYEQe4OTCaaKCJqPDYaJu3HfKoWXQ@mail.gmail.com>
	<87sih575rc.fsf@lifelogs.com> <8361dyaqf1.fsf@gnu.org>
	<CA+5B0FNWeQv3tWSt78UCD-wTYZr952y92c83zOr=RU71jTQ_SQ@mail.gmail.com>
	<83zjb771px.fsf@gnu.org> <851tojm0z6.fsf@stephe-leake.org>
	<838uiq7m8b.fsf@gnu.org> <85d281jbgn.fsf@stephe-leake.org>
	<87ppc1uhnv.fsf@fencepost.gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1417641105 6544 80.91.229.3 (3 Dec 2014 21:11:45 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 3 Dec 2014 21:11:45 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Dec 03 22:11:38 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XwHCz-00070B-PC
	for ged-emacs-devel@m.gmane.org; Wed, 03 Dec 2014 22:11:37 +0100
Original-Received: from localhost ([::1]:43366 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XwHCz-00048d-BR
	for ged-emacs-devel@m.gmane.org; Wed, 03 Dec 2014 16:11:37 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41033)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stephen_leake@stephe-leake.org>) id 1XwHCb-00041j-Ob
	for emacs-devel@gnu.org; Wed, 03 Dec 2014 16:11:19 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stephen_leake@stephe-leake.org>) id 1XwHCW-0001jE-Dv
	for emacs-devel@gnu.org; Wed, 03 Dec 2014 16:11:13 -0500
Original-Received: from dnvrco-outbound-snat.email.rr.com ([107.14.73.232]:36463
	helo=dnvrco-oedge-vip.email.rr.com)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stephen_leake@stephe-leake.org>) id 1XwHCW-0001in-8O
	for emacs-devel@gnu.org; Wed, 03 Dec 2014 16:11:08 -0500
Original-Received: from [70.94.38.149] ([70.94.38.149:49350] helo=TAKVER)
	by dnvrco-oedge03 (envelope-from <stephen_leake@stephe-leake.org>)
	(ecelerity 3.5.0.35861 r(Momo-dev:tip)) with ESMTP
	id 7F/E0-01361-B6C7F745; Wed, 03 Dec 2014 21:11:07 +0000
In-Reply-To: <87ppc1uhnv.fsf@fencepost.gnu.org> (David Kastrup's message of
	"Wed, 03 Dec 2014 11:55:16 +0100")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.94 (windows-nt)
X-RR-Connecting-IP: 107.14.64.142:25
X-Authority-Analysis: v=2.1 cv=Zu9jKrLG c=1 sm=1 tr=0
	a=AppmJ/7ZOOFWL/q6u6u93g==:117 a=AppmJ/7ZOOFWL/q6u6u93g==:17
	a=ayC55rCoAAAA:8 a=fNEgcOh0sVsA:10 a=9i_RQKNPAAAA:8
	a=mDV3o1hIAAAA:8 a=-Bnp6NcK2czrJzoC2OIA:9
X-Cloudmark-Score: 0
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 107.14.73.232
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:178776
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/178776>

David Kastrup <dak@gnu.org> writes:

> Stephen Leake <stephen_leake@stephe-leake.org> writes:
>
>> Eli Zaretskii <eliz@gnu.org> writes:
>>
>>>> > I don't think this is correct: we don't really want to export all the
>>>> > symbols.
>>>> 
>>>> Why not?
>>>
>>> Security: you don't want to expose all of the Emacs bowels to any
>>> external program out there.
>>
>> There are many other aspects to security; I doubt this particular
>> strategy will really help.
>>
>> There are better ways to prevent bad code getting into Emacs; code
>> reviewed signed modules is probably the best way.
>
> That does not help against things like buffer overrun exploits, 

If someone can get a buffer overrun exploit past an Emacs developer code
review, then they can get it in Emacs core, so we are already vulnerable
to that.

Code reviewed dynamically linked modules do not change that risk.

-- 
-- Stephe