From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: David Kastrup <dak@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs Lisp's future
Date: Tue, 07 Oct 2014 19:50:33 +0200
Message-ID: <87egujahw6.fsf@fencepost.gnu.org>
References: <54193A70.9020901@member.fsf.org> <834mvttgsf.fsf@gnu.org>
	<jwvoau19n3n.fsf-monnier+emacs@gnu.org>
	<87lhp5m99w.fsf@fencepost.gnu.org>
	<jwviok99jki.fsf-monnier+emacs@gnu.org>
	<87h9ztm5oa.fsf@fencepost.gnu.org>
	<jwvd2ah9hve.fsf-monnier+emacs@gnu.org>
	<87d2ahm3nw.fsf@fencepost.gnu.org>
	<jwv1tqx9ea3.fsf-monnier+emacs@gnu.org>
	<E1XYNnY-0005Zo-Kz@fencepost.gnu.org> <871tqneyvl.fsf@netris.org>
	<E1XatgY-00062K-7y@fencepost.gnu.org> <87d2a54t1m.fsf@yeeloong.lan>
	<83lhotme1e.fsf@gnu.org> <871tql17uw.fsf@yeeloong.lan>
	<838uktm9gw.fsf@gnu.org> <E1XbVNk-0005OC-84@fencepost.gnu.org>
	<87h9zgarvp.fsf@fencepost.gnu.org> <87mw97rjwm.fsf@yeeloong.lan>
	<mvmppe3ew0h.fsf@hawking.suse.de> <8761fvn8io.fsf@yeeloong.lan>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1412704272 26586 80.91.229.3 (7 Oct 2014 17:51:12 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 7 Oct 2014 17:51:12 +0000 (UTC)
Cc: Richard Stallman <rms@gnu.org>, Andreas Schwab <schwab@suse.de>,
	dmantipov@yandex.ru, emacs-devel@gnu.org, handa@gnu.org,
	monnier@iro.umontreal.ca, Eli Zaretskii <eliz@gnu.org>, stephen@xemacs.org
To: Mark H Weaver <mhw@netris.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Oct 07 19:51:05 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XbYue-0008V2-7Z
	for ged-emacs-devel@m.gmane.org; Tue, 07 Oct 2014 19:51:04 +0200
Original-Received: from localhost ([::1]:60113 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XbYud-0004Gk-UZ
	for ged-emacs-devel@m.gmane.org; Tue, 07 Oct 2014 13:51:03 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:35246)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <dak@gnu.org>)
	id 1XbYuN-0004GU-OI
	for emacs-devel@gnu.org; Tue, 07 Oct 2014 13:50:48 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dak@gnu.org>) id 1XbYuM-00058M-9P
	for emacs-devel@gnu.org; Tue, 07 Oct 2014 13:50:47 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:46336)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <dak@gnu.org>)
	id 1XbYuM-00058I-5c
	for emacs-devel@gnu.org; Tue, 07 Oct 2014 13:50:46 -0400
Original-Received: from localhost ([127.0.0.1]:53509 helo=lola)
	by fencepost.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dak@gnu.org>)
	id 1XbYuA-0006sL-Hu; Tue, 07 Oct 2014 13:50:35 -0400
Original-Received: by lola (Postfix, from userid 1000)
	id C75BEE0545; Tue,  7 Oct 2014 19:50:33 +0200 (CEST)
In-Reply-To: <8761fvn8io.fsf@yeeloong.lan> (Mark H. Weaver's message of "Tue, 
	07 Oct 2014 12:34:39 -0400")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:175090
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/175090>

Mark H Weaver <mhw@netris.org> writes:

> Andreas Schwab <schwab@suse.de> writes:
>
>> Mark H Weaver <mhw@netris.org> writes:
>>
>>> However, if the overlong sequence came from the network, and Emacs
>>> propagates it unchanged to internal subsystems[*] (e.g. via command-line
>>> arguments to subprocesses), that's not good.  It exposes another program
>>> to invalid input -- a program that might not be designed for exposure to
>>> possible attacks via overlong encodings.
>>
>> At least it doesn't make it worse (it is unchanged from the situation if
>> you remove Emacs as a filter).
>
> In the case of mere "filtering", you might be right in some cases.
>
> However, the case I'm worried about is where some small piece of the
> hostile input is extracted and passed as an argument to another program.
> In cases like this it doesn't make sense to think of emacs as a
> "filter", and you'd never be able to "remove" it.
>
> It's like saying that a web application that passes unsanitized input to
> an SQL query "doesn't make it worse", and that the situation is
> unchanged from if you provided public access to the SQL database.

If GUILE or Emacs is supposed to sanitize input, you tell it to sanitize
input.  That's different from GUILE/Emacs deciding over your head what
is good for your application.

Again, confusing the responsibilities and capabilities of an engine from
those of an application is sure to lead to mismatches between
requirements and capabilities.  An engine has to work.  Not just given
certain circumstances, but always.  Anything else is a recipe for
trouble.

-- 
David Kastrup