From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ted Zlatanov <tzz@lifelogs.com>
Newsgroups: gmane.emacs.devel
Subject: Re: DSO-style FFI
Date: Fri, 18 Oct 2013 09:31:28 -0400
Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos
Message-ID: <87eh7iogcv.fsf@flea.lifelogs.com>
References: <877gdqrc9u.fsf@flea.lifelogs.com>
	<jwv1u3ymjkd.fsf-monnier+emacs@gnu.org>
	<87mwmmp05f.fsf@flea.lifelogs.com>
	<jwvhactlp35.fsf-monnier+emacs@gnu.org>
	<87fvsdpato.fsf@flea.lifelogs.com> <8738oc20xk.fsf@flea.lifelogs.com>
	<jwvr4bw667d.fsf-monnier+emacs@gnu.org>
	<87d2ngzlyl.fsf_-_@flea.lifelogs.com>
	<jwva9ik5vqw.fsf-monnier+emacs@gnu.org>
	<87siwcxda7.fsf@flea.lifelogs.com>
	<jwvzjqj220k.fsf-monnier+emacs@gnu.org>
	<87zjqjfz36.fsf@fleche.redhat.com>
	<jwv8uy3jhvy.fsf-monnier+emacs@gnu.org>
	<87wqlitse5.fsf@maru2.md5i.com>
	<jwvbo2uqqa7.fsf-monnier+emacs@gnu.org>
Reply-To: emacs-devel@gnu.org
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1382103095 17405 80.91.229.3 (18 Oct 2013 13:31:35 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 18 Oct 2013 13:31:35 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Oct 18 15:31:38 2013
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VXA9R-0005QA-3A
	for ged-emacs-devel@m.gmane.org; Fri, 18 Oct 2013 15:31:37 +0200
Original-Received: from localhost ([::1]:57730 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1VXA9Q-0004mS-NN
	for ged-emacs-devel@m.gmane.org; Fri, 18 Oct 2013 09:31:36 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:34240)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VXA9I-0004dv-QX
	for emacs-devel@gnu.org; Fri, 18 Oct 2013 09:31:34 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VXA9C-0001yL-S5
	for emacs-devel@gnu.org; Fri, 18 Oct 2013 09:31:28 -0400
Original-Received: from plane.gmane.org ([80.91.229.3]:57057)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VXA9C-0001yG-Lz
	for emacs-devel@gnu.org; Fri, 18 Oct 2013 09:31:22 -0400
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1VXA97-0005Eo-JH
	for emacs-devel@gnu.org; Fri, 18 Oct 2013 15:31:17 +0200
Original-Received: from c-98-229-61-72.hsd1.ma.comcast.net ([98.229.61.72])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 18 Oct 2013 15:31:17 +0200
Original-Received: from tzz by c-98-229-61-72.hsd1.ma.comcast.net with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Fri, 18 Oct 2013 15:31:17 +0200
X-Injected-Via-Gmane: http://gmane.org/
Mail-Followup-To: emacs-devel@gnu.org
Original-Lines: 26
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: c-98-229-61-72.hsd1.ma.comcast.net
X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6;
	d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT=
	D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx"
Mail-Copies-To: never
User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)
Cancel-Lock: sha1:LG//oHkA5tyUXKKzUOpLSGNCZVI=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.229.3
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:164300
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/164300>

On Sat, 12 Oct 2013 14:55:26 -0400 Stefan Monnier <monnier@IRO.UMontreal.CA> wrote: 

>> The problems I see are A) that it would be trivial to use such an
>> interface to crash or subvert emacs from elisp,

SM> This is a fundamental property of anything that lets gives access to
SM> "any" library.  DSO or FFI is in the same boat.  IOW, if we really
SM> consider it as too dangerous, then we can't provide anything related to
SM> an FFI or dynamic loading of code.

This is where package signing becomes important.  We can require two
signatures from two separate reviewers for high-risk packages.

>> and B) that such a binding will allow people to write non-free
>> extensions to Emacs in just the way that RMS has specifically stated
>> that he would like to avoid.

SM> Presumably we can prevent it by checking (before loading the library)
SM> that the library is compatible with the GPL (following the scheme
SM> designed originally for gcc).

This can be declared by the author in the packaging.  Do we need to spend
time on an elaborate scheme that can be trivially subverted?  Or are
there other concerns I'm not getting?

Ted