From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: Emacs master, security concernes, ms-windows Date: Thu, 14 Sep 2017 20:08:30 +0300 Message-ID: <831sn9nr75.fsf@gnu.org> References: Reply-To: Eli Zaretskii NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1505408967 20422 195.159.176.226 (14 Sep 2017 17:09:27 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 14 Sep 2017 17:09:27 +0000 (UTC) Cc: emacs-devel@gnu.org To: Fabrice Popineau Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 14 19:09:23 2017 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsXdi-0005Ck-So for ged-emacs-devel@m.gmane.org; Thu, 14 Sep 2017 19:09:23 +0200 Original-Received: from localhost ([::1]:49038 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dsXdq-0002Ey-B7 for ged-emacs-devel@m.gmane.org; Thu, 14 Sep 2017 13:09:30 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48977) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dsXdA-0002D9-C6 for emacs-devel@gnu.org; Thu, 14 Sep 2017 13:08:49 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dsXd7-0007cn-7p for emacs-devel@gnu.org; Thu, 14 Sep 2017 13:08:48 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53032) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dsXd7-0007cY-4d; Thu, 14 Sep 2017 13:08:45 -0400 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1278 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dsXd4-0003Kb-Kh; Thu, 14 Sep 2017 13:08:45 -0400 In-reply-to: (message from Fabrice Popineau on Thu, 14 Sep 2017 09:58:36 +0200) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:218277 Archived-At: > From: Fabrice Popineau > Date: Thu, 14 Sep 2017 09:58:36 +0200 > > Since there seems to be a lot of concerns wrt to security, > I am submitting the attached patch. > > The reason for this patch is to limit the search for dlls loaded at > runtime to the win32 system directory and/or the emacs application > directory. > In the current state, dlls can be picked up in any directory in the path. > Some one could fake one of these dlls (xpm, png, etc.) and use it for > mean reasons. I see your point, and I'm sympathetic to the concerns. However, given the accepted practices of installing packages on Windows, I don't think we can do this by default. Many times people install optional libraries in separate directories and just add them to PATH. Some even install each individual package into its own directory. I just had a conversation off-list with one such user. Disabling DLL look up on PATH by default will completely screw up those users. In addition, as others pointed out, this mode is not supported before Vista, so we shouldn't pass that constant to LoadLibraryEx on systems that don't support it, even if we accept such a feature as an optional one. Thanks.