From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Stephen J. Turnbull" Newsgroups: gmane.emacs.devel Subject: Re: Wherein I argue for the inclusion of libnettle in Emacs 24.5 Date: Fri, 07 Feb 2014 00:05:06 +0900 Message-ID: <87sirwmgd9.fsf@uwakimon.sk.tsukuba.ac.jp> References: <87ha8f3jt1.fsf@building.gnus.org> <87ppn2qz0f.fsf@building.gnus.org> <87y51qcace.fsf@lifelogs.com> <874n4e3rkm.fsf@uwakimon.sk.tsukuba.ac.jp> <87txcdd6d0.fsf@lifelogs.com> <87wqh8n877.fsf@uwakimon.sk.tsukuba.ac.jp> <87lhxocvfq.fsf@lifelogs.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 X-Trace: ger.gmane.org 1391699187 21501 80.91.229.3 (6 Feb 2014 15:06:27 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 6 Feb 2014 15:06:27 +0000 (UTC) To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Feb 06 16:06:34 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1WBQXB-0001SI-H1 for ged-emacs-devel@m.gmane.org; Thu, 06 Feb 2014 16:06:33 +0100 Original-Received: from localhost ([::1]:36960 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WBQXB-0004qT-1S for ged-emacs-devel@m.gmane.org; Thu, 06 Feb 2014 10:06:33 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:42430) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WBQX1-0004lc-Fi for emacs-devel@gnu.org; Thu, 06 Feb 2014 10:06:30 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WBQWu-0000qp-6L for emacs-devel@gnu.org; Thu, 06 Feb 2014 10:06:23 -0500 Original-Received: from mgmt2.sk.tsukuba.ac.jp ([130.158.97.224]:54699) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WBQWt-0000XQ-SA for emacs-devel@gnu.org; Thu, 06 Feb 2014 10:06:16 -0500 Original-Received: from uwakimon.sk.tsukuba.ac.jp (uwakimon.sk.tsukuba.ac.jp [130.158.99.156]) by mgmt2.sk.tsukuba.ac.jp (Postfix) with ESMTP id 380E597094A for ; Fri, 7 Feb 2014 00:05:06 +0900 (JST) Original-Received: by uwakimon.sk.tsukuba.ac.jp (Postfix, from userid 1000) id 2ABB21A2794; Fri, 7 Feb 2014 00:05:06 +0900 (JST) In-Reply-To: <87lhxocvfq.fsf@lifelogs.com> X-Mailer: VM undefined under 21.5 (beta34) "kale" 2a0f42961ed4 XEmacs Lucid (x86_64-unknown-linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 130.158.97.224 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:169439 Archived-At: Ted Zlatanov writes: > Inside Emacs, there would have to be a passphrase popup in the > minibuffer or elsewhere that can't be faked from ELisp but must > come from the "secure core." Ted, there is no "secure core" in an Emacs Lisp application. That was the main point of the defadvice. If *your* Lisp program can invoke a password popup, so can *my* sleazebag defadvice. > SJT> As applications, yes. But who cares? Try, "do they expose the crypto > SJT> facilities to users of their platform (eg, Javascript)?" > > Well, the Java VMs expose javax.crypto... If that's analogous to libnettle, that's good enough for me for this particular analogy. (I'll take your word for it.) > SJT> Not at all. The presence of those primitives is an attractive > SJT> nuisance, encouraging security neophytes to roll-their-own authn/authz/ > SJT> crypto systems. If you want horror stories, there are plenty archived > SJT> at the RISKS forum and on CERT. Statistically speaking, availability > SJT> of these functions will mean somebody *will* get screwed by a self- > SJT> injected security bug. > > I can't debate what could happen, that's what "hypothetical" means. Security is all about what *could* happen if you're not careful. If you aren't already thinking carefully about that, I don't understand why you're doing this!