From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Richard Stallman <rms@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Preview: portable dumper
Date: Sat, 03 Dec 2016 16:32:07 -0500
Message-ID: <E1cDHuh-0006Tn-52@fencepost.gnu.org>
References: <047a67ec-9e29-7e4e-0fb0-24c3e59b5886@dancol.org>
	<jwvpolfjkdo.fsf-monnier+gmane.emacs.devel@gnu.org>
	<r025fumbgpnx.fsf@dancol.org> <jwv8ts2moer.fsf-monnier+emacs@gnu.org>
	<r025y4026l1i.fsf@dancol.org>
	<9b6a0571-b2ae-a5dd-a643-3595e8f71cd6@cs.ucla.edu>
	<r025oa0y6jml.fsf@dancol.org>
	<b5730bfa-fbcb-cb70-0ed8-8546e2f704ac@cs.ucla.edu>
	<E1cCBAH-0002YL-HV@fencepost.gnu.org> <r0251sxsoh6a.fsf@dancol.org>
Reply-To: rms@gnu.org
NNTP-Posting-Host: blaine.gmane.org
Content-Type: text/plain; charset=Utf-8
X-Trace: blaine.gmane.org 1480800819 22401 195.159.176.226 (3 Dec 2016 21:33:39 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sat, 3 Dec 2016 21:33:39 +0000 (UTC)
Cc: eggert@cs.ucla.edu, emacs-devel@gnu.org
To: Daniel Colascione <dancol@dancol.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Dec 03 22:33:34 2016
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1cDHw5-0004vu-UU
	for ged-emacs-devel@m.gmane.org; Sat, 03 Dec 2016 22:33:34 +0100
Original-Received: from localhost ([::1]:52567 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1cDHw9-0006dP-Ro
	for ged-emacs-devel@m.gmane.org; Sat, 03 Dec 2016 16:33:37 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37740)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@gnu.org>)
	id 1cDHuq-0006c8-P6
	for emacs-devel@gnu.org; Sat, 03 Dec 2016 16:32:17 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rms@gnu.org>) id 1cDHup-0001pm-VQ
	for emacs-devel@gnu.org; Sat, 03 Dec 2016 16:32:16 -0500
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:50651)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@gnu.org>)
	id 1cDHuh-0001jo-Pt; Sat, 03 Dec 2016 16:32:07 -0500
Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82)
	(envelope-from <rms@gnu.org>)
	id 1cDHuh-0006Tn-52; Sat, 03 Dec 2016 16:32:07 -0500
In-reply-to: <r0251sxsoh6a.fsf@dancol.org> (message from Daniel Colascione on
	Wed, 30 Nov 2016 12:18:21 -0800)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:209999
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/209999>

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Here's the scenario: suppose I can convince your Emacs to parse a
  > carefully crafted network packet that triggers a bug in Emacs and lets
  > me overwrite arbitrary memory in your Emacs process. Today, I win, in
  > the sense that I gain complete control over your Emacs process and can
  > do anything Emacs can do.

That reasoning is logically valid -- but is it really a plausible
scenario that Emacs's parsing of a packet would have a bug that
clobbers other unrelated memory?

What Emacs does with the contents of an incoming packet is mainly
to turn it into Lisp objects and make that available at Lisp level.
That means not much opportunity for such a bug to occur.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.