From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: David Kastrup <dak@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: emacs-dynamic-module in Emacs Git?
Date: Wed, 03 Dec 2014 11:55:16 +0100
Organization: Organization?!?
Message-ID: <87ppc1uhnv.fsf@fencepost.gnu.org>
References: <m3zjbqouyk.fsf@stories.gnus.org>
	<jwvk32uq67g.fsf-monnier+emacs@gnu.org>
	<87wq6tu5m5.fsf@kima.orebokech.com>
	<jwva93pptp5.fsf-monnier+emacs@gnu.org>
	<85h9xwhpy9.fsf@stephe-leake.org>
	<jwv7fysmrvy.fsf-monnier+emacs@gnu.org> <87k32sh50f.fsf@lifelogs.com>
	<85tx1rg64e.fsf_-_@stephe-leake.org>
	<jwvbnnzxmo7.fsf-monnier+emacs@gnu.org> <87siha7r3b.fsf@lifelogs.com>
	<CA+5B0FORNxYB0zbzfhbRmik+PK5JwiqbBj6jaqRCgW83RDg_7Q@mail.gmail.com>
	<CA+5B0FP7Vn8-5zQYzN0fHqu_Hbz1jU6J1ON1+kAHr6cyLEP3qQ@mail.gmail.com>
	<87lhmz4mtj.fsf@lifelogs.com>
	<CA+5B0FO7ikc-vaJAUqZtnhYEQe4OTCaaKCJqPDYaJu3HfKoWXQ@mail.gmail.com>
	<87sih575rc.fsf@lifelogs.com> <8361dyaqf1.fsf@gnu.org>
	<CA+5B0FNWeQv3tWSt78UCD-wTYZr952y92c83zOr=RU71jTQ_SQ@mail.gmail.com>
	<83zjb771px.fsf@gnu.org> <851tojm0z6.fsf@stephe-leake.org>
	<838uiq7m8b.fsf@gnu.org> <85d281jbgn.fsf@stephe-leake.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1417604235 17535 80.91.229.3 (3 Dec 2014 10:57:15 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 3 Dec 2014 10:57:15 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Dec 03 11:57:07 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xw7cE-0000tF-96
	for ged-emacs-devel@m.gmane.org; Wed, 03 Dec 2014 11:57:02 +0100
Original-Received: from localhost ([::1]:40858 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1Xw7cD-0005LQ-TO
	for ged-emacs-devel@m.gmane.org; Wed, 03 Dec 2014 05:57:01 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37740)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Xw7aq-0003nS-RG
	for emacs-devel@gnu.org; Wed, 03 Dec 2014 05:55:42 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Xw7al-0004t0-BD
	for emacs-devel@gnu.org; Wed, 03 Dec 2014 05:55:36 -0500
Original-Received: from plane.gmane.org ([80.91.229.3]:34049)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Xw7ak-0004sb-RX
	for emacs-devel@gnu.org; Wed, 03 Dec 2014 05:55:31 -0500
Original-Received: from list by plane.gmane.org with local (Exim 4.69)
	(envelope-from <ged-emacs-devel@m.gmane.org>) id 1Xw7ag-00005I-Sd
	for emacs-devel@gnu.org; Wed, 03 Dec 2014 11:55:26 +0100
Original-Received: from x2f4a88f.dyn.telefonica.de ([2.244.168.143])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Wed, 03 Dec 2014 11:55:26 +0100
Original-Received: from dak by x2f4a88f.dyn.telefonica.de with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <emacs-devel@gnu.org>; Wed, 03 Dec 2014 11:55:26 +0100
X-Injected-Via-Gmane: http://gmane.org/
Original-Lines: 39
Original-X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: x2f4a88f.dyn.telefonica.de
X-Face: 2FEFf>]>q>2iw=B6,
	xrUubRI>pR&Ml9=ao@P@i)L:\urd*t9M~y1^:+Y]'C0~{mAl`oQuAl
	\!3KEIp?*w`|bL5qr,H)LFO6Q=qx~iH4DN; i";
	/yuIsqbLLCh/!U#X[S~(5eZ41to5f%E@'ELIi$t^
	Vc\LWP@J5p^rst0+('>Er0=^1{]M9!p?&:\z]|;&=NP3AhB!B_bi^]Pfkw
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)
Cancel-Lock: sha1:xh79Q4RaTMFpAfHGvFFBgRaLjVo=
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 80.91.229.3
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:178723
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/178723>

Stephen Leake <stephen_leake@stephe-leake.org> writes:

> Eli Zaretskii <eliz@gnu.org> writes:
>
>>> From: Stephen Leake <stephen_leake@stephe-leake.org>
>>> Date: Mon, 01 Dec 2014 16:58:21 -0600
>>> 
>>> Eli Zaretskii <eliz@gnu.org> writes:
>>> 
>>> >
>>> >> >   . It seems to me that the modules call functions implemented by
>>> >> >     Emacs, like make_number and Fmember, on the assumption that
>>> >> >     calling any Emacs function will "just work".  This is false for
>>> >> 
>>> >> I had to add a linker flag to expose every symbol of Emacs. See the
>>> >> relevant commit:
>>> >> 
>>> >> http://git.savannah.gnu.org/cgit/emacs.git/commit/configure.ac?h=dynamic-modules&id=5c710fba15e0a3a2ae5d831e5cdb555332238752
>>> >
>>> > I don't think this is correct: we don't really want to export all the
>>> > symbols.
>>> 
>>> Why not?
>>
>> Security: you don't want to expose all of the Emacs bowels to any
>> external program out there.
>
> There are many other aspects to security; I doubt this particular
> strategy will really help.
>
> There are better ways to prevent bad code getting into Emacs; code
> reviewed signed modules is probably the best way.

That does not help against things like buffer overrun exploits, and when
some malicious code has all the symbols available, it can be made to
work on a larger variety of binaries.

-- 
David Kastrup