From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Richard Stallman <rms@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Preview: portable dumper
Date: Sun, 04 Dec 2016 18:03:28 -0500
Message-ID: <E1cDfoe-0003qM-Sq@fencepost.gnu.org>
References: <047a67ec-9e29-7e4e-0fb0-24c3e59b5886@dancol.org>
	<jwvpolfjkdo.fsf-monnier+gmane.emacs.devel@gnu.org>
	<r025fumbgpnx.fsf@dancol.org> <jwv8ts2moer.fsf-monnier+emacs@gnu.org>
	<r025y4026l1i.fsf@dancol.org>
	<9b6a0571-b2ae-a5dd-a643-3595e8f71cd6@cs.ucla.edu>
	<r025oa0y6jml.fsf@dancol.org>
	<b5730bfa-fbcb-cb70-0ed8-8546e2f704ac@cs.ucla.edu>
	<E1cCBAH-0002YL-HV@fencepost.gnu.org> <r0251sxsoh6a.fsf@dancol.org>
	<E1cDHuh-0006Tn-52@fencepost.gnu.org>
	<21236078-89c3-299b-46be-b4cc3ad488bc@dancol.org>
Reply-To: rms@gnu.org
NNTP-Posting-Host: blaine.gmane.org
Content-Type: text/plain; charset=Utf-8
X-Trace: blaine.gmane.org 1480892656 23193 195.159.176.226 (4 Dec 2016 23:04:16 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sun, 4 Dec 2016 23:04:16 +0000 (UTC)
Cc: eggert@cs.ucla.edu, emacs-devel@gnu.org
To: Daniel Colascione <dancol@dancol.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Dec 05 00:04:12 2016
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1cDfpL-0005Gc-6A
	for ged-emacs-devel@m.gmane.org; Mon, 05 Dec 2016 00:04:11 +0100
Original-Received: from localhost ([::1]:35983 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1cDfpP-0003Sv-2z
	for ged-emacs-devel@m.gmane.org; Sun, 04 Dec 2016 18:04:15 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:52341)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@gnu.org>)
	id 1cDfop-0003Sq-H1
	for emacs-devel@gnu.org; Sun, 04 Dec 2016 18:03:40 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rms@gnu.org>) id 1cDfoo-0007Ba-ND
	for emacs-devel@gnu.org; Sun, 04 Dec 2016 18:03:39 -0500
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:34976)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <rms@gnu.org>)
	id 1cDfof-00077e-Hm; Sun, 04 Dec 2016 18:03:29 -0500
Original-Received: from rms by fencepost.gnu.org with local (Exim 4.82)
	(envelope-from <rms@gnu.org>)
	id 1cDfoe-0003qM-Sq; Sun, 04 Dec 2016 18:03:28 -0500
In-reply-to: <21236078-89c3-299b-46be-b4cc3ad488bc@dancol.org> (message from
	Daniel Colascione on Sat, 3 Dec 2016 13:37:19 -0800)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:210038
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/210038>

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

We seem to be talking at cross purposes.  You raised the issue of
parsing network packets:

  > >   > Here's the scenario: suppose I can convince your Emacs to parse a
  > >   > carefully crafted network packet that triggers a bug in Emacs and lets
  > >   > me overwrite arbitrary memory in your Emacs process. Today, I win, in
  > >   > the sense that I gain complete control over your Emacs process and can
  > >   > do anything Emacs can do.

so I responded about Emacs's very simple parsing of network packets

  > > That reasoning is logically valid -- but is it really a plausible
  > > scenario that Emacs's parsing of a packet would have a bug that
  > > clobbers other unrelated memory?

but now you've changed the subject to libpng.

  > Bitter experience with other software has shown the answer to be "yes". 
  > The bug doesn't even have to be in Emacs --- it can be in a library we 
  > use. For example, we link against libpng when available, 

You might be right about libpng, but if so, that has nothing
particularly to do with parsing network packets in Emacs.
There are various ways the PNG file could get into your Emacs.

Regarding png files and security, there are many ways to view a png
file in various different programs.  It is useful to defend Emacs
better against such bugs, but maybe the better defense is a validator
library, separate from libpng, to carefully validate the format of a
PNG file and detect any inconsistency.  Then programs could call that
validator before showing the PNG file to libpng.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.