From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: joakim@verona.se
Newsgroups: gmane.emacs.devel
Subject: Re: code signing with foreign function interface?
Date: Mon, 08 Mar 2010 08:41:08 +0100
Message-ID: <m3aauj45wr.fsf@verona.se>
References: <m3y6i46440.fsf@verona.se> <87y6i4xg7y.fsf@lola.goethe.zz>
	<m38wa45agh.fsf@verona.se>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: dough.gmane.org 1268034094 17453 80.91.229.12 (8 Mar 2010 07:41:34 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Mon, 8 Mar 2010 07:41:34 +0000 (UTC)
Cc: emacs-devel@gnu.org
To: David Kastrup <dak@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Mar 08 08:41:29 2010
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1NoXai-0002g3-Pe
	for ged-emacs-devel@m.gmane.org; Mon, 08 Mar 2010 08:41:29 +0100
Original-Received: from localhost ([127.0.0.1]:53986 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1NoXai-0005hd-3j
	for ged-emacs-devel@m.gmane.org; Mon, 08 Mar 2010 02:41:28 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NoXac-0005gA-Ut
	for emacs-devel@gnu.org; Mon, 08 Mar 2010 02:41:22 -0500
Original-Received: from [140.186.70.92] (port=44759 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NoXaa-0005eZ-Na
	for emacs-devel@gnu.org; Mon, 08 Mar 2010 02:41:22 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <joakim@verona.se>) id 1NoXaa-0005YW-6L
	for emacs-devel@gnu.org; Mon, 08 Mar 2010 02:41:20 -0500
Original-Received: from iwfs.imcode.com ([82.115.149.64]:43647 helo=gate.verona.se)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <joakim@verona.se>)
	id 1NoXaY-0005X1-8w; Mon, 08 Mar 2010 02:41:18 -0500
Original-Received: from localhost.localdomain (IDENT:1005@localhost [127.0.0.1])
	by gate.verona.se (8.13.4/8.11.4) with ESMTP id o287f8n3013230;
	Mon, 8 Mar 2010 08:41:09 +0100
In-Reply-To: <m38wa45agh.fsf@verona.se> (joakim@verona.se's message of "Sun,
	07 Mar 2010 18:05:18 +0100")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.90 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4-2.6
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:121725
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/121725>

joakim@verona.se writes:

> David Kastrup <dak@gnu.org> writes:
>
>> joakim@verona.se writes:
>>
>>> - We don't necessarily need a complete secure infrastructure for
>>> this. A simple solution might be to check for the presence of a form
>>> of GNU license in binary form in the dll. This particular GNU license
>>> is itself protected by copyright and cannot be combined with other
>>> works without creating a derived work.
>>
>> Useless:
>>
>>      Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>>      Everyone is permitted to copy and distribute verbatim copies
>>      of this license document, but changing it is not allowed.
>>
>> So you can copy the license into any work you like.  The presence of the
>> GPL as a binary blob is meaningless with regard to licensing.  A book
>> may also print the GPL without becoming GPLed.
>>
>> The GPL becomes relevant only when it is made clear that the acquisition
>> of some software is governed by it.  Its mere presence in some manner is
>> not more than a pointer.  If it is needed as a key without legal
>> meaning, that use is perfectly covered by its license.
>
> Ok, I was unclear. I didn't mean that the GPL in itself would be used for
> this. I meant another new license, derived from the GPL, but specialized
> for this purpose, specifically avoiding the pitfall you describe.
>
> Maybe its still useless, but lets describe each step:
>
> - Define a copyrightable text that might also be used as a binary blob.
> this text has a license that allows it to be bundled with other GPL:ed
> binary blobs, such as GPL:ed dll:s. Since these dll:s are GPL:ed its ok
> to produce a new signed dll with the text in it.
>
> - Sign a dll with this text with some kind of signing tool. Maybe static
>   linking will be enough.
>
> - Emacs FFI loads the dll and checks that the desired licensed text in
>   binary form is present, and then proceeds to use the dll. If the text
>   is not present, refuse to proceed.

Explaining this idea in technical terms wasnt incredibly
productive. Instead, lets ask this question:

- Emacs gets a new FFI facility. When this FFI facility tries to load a
  dll the first time in a session, it asks the user if the dll has a
  valid license. 

That's all. No code signing, no nothing to further prevent the user from
making a mistake. Would this be enough for an Emacs FFI?


-- 
Joakim Verona