From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Ivan Shmakov <ivan@siamics.net>
Newsgroups: gmane.emacs.devel
Subject: Emacs dependencies vs. security
Date: Fri, 21 Nov 2014 16:22:46 +0000
Message-ID: <87vbm8y149.fsf_-_@violet.siamics.net>
References: <871tp4wut1.fsf@uwakimon.sk.tsukuba.ac.jp>
	<nWtpGiyFKR9k7nE3zeYlerT8rNARjNQg7DewPsssrEs@local>
	<87mw7qvign.fsf@uwakimon.sk.tsukuba.ac.jp>
	<E1XqSN9-0007Si-Qz@fencepost.gnu.org>
	<87bno5ulbu.fsf@uwakimon.sk.tsukuba.ac.jp>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: ger.gmane.org 1416586997 1158 80.91.229.3 (21 Nov 2014 16:23:17 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Fri, 21 Nov 2014 16:23:17 +0000 (UTC)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Nov 21 17:23:13 2014
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XrqzI-0000lk-MO
	for ged-emacs-devel@m.gmane.org; Fri, 21 Nov 2014 17:23:12 +0100
Original-Received: from localhost ([::1]:41354 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1XrqzG-00083c-6P
	for ged-emacs-devel@m.gmane.org; Fri, 21 Nov 2014 11:23:10 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:45850)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ivan@siamics.net>) id 1Xrqz3-00083J-O4
	for emacs-devel@gnu.org; Fri, 21 Nov 2014 11:22:58 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ivan@siamics.net>) id 1Xrqz2-0007DT-O3
	for emacs-devel@gnu.org; Fri, 21 Nov 2014 11:22:57 -0500
Original-Received: from fely.am-1.org ([2a01:4f8:d15:1b86::2]:47933)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ivan@siamics.net>) id 1Xrqz2-0007DB-E3
	for emacs-devel@gnu.org; Fri, 21 Nov 2014 11:22:56 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=siamics.net;
	s=a2013295; 
	h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:Sender:References:Subject:To:From;
	bh=W+fMqPYw7lIyuvYX4ATPwyNVkpMtAw4AW/Z1wq32cXs=; 
	b=gXeFrbxTdoXYM7pKTdFYbG29i1h0fqmhPraG2148GgHzc35TuD20NTsuPr6vlmt31ONaDsIWimYznu8yf/GeySIculPkvTiLd8NzPBXA3kr1X+d2lm8+Bd2YvS7dBITb/PZmP4Z7M56+glc93wrw0KoeG5c5khv7VA+K6nBP0BI=;
Original-Received: from [2a02:2560:6d4:26ca::1:1d] (helo=violet.siamics.net)
	by fely.am-1.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80) (envelope-from <ivan@siamics.net>) id 1Xrqz0-0002Ix-K9
	for emacs-devel@gnu.org; Fri, 21 Nov 2014 16:22:55 +0000
Original-Received: from localhost ([::1] helo=violet.siamics.net)
	by violet.siamics.net with esmtps (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.80) (envelope-from <ivan@siamics.net>) id 1Xrqyt-0007Rb-B7
	for emacs-devel@gnu.org; Fri, 21 Nov 2014 23:22:47 +0700
In-Reply-To: <87bno5ulbu.fsf@uwakimon.sk.tsukuba.ac.jp> (Stephen J. Turnbull's
	message of "Tue, 18 Nov 2014 14:30:45 +0900")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a01:4f8:d15:1b86::2
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:177954
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/177954>

>>>>> Stephen J Turnbull <stephen@xemacs.org> writes:
>>>>> Richard Stallman writes:

 >>> (I agree with you that Emacs that has an attack surface that
 >>> amounts to the whole world, and practically, that securing it is
 >>> too hard to think about succeeding, but that's not a popular view
 >>> on this list.  And it's just theory.)

 >> We have done substantial work to make Emacs secure against just
 >> visiting a malicious file.

 > Yes.  But Emacs nowadays depends on a large number of external
 > libraries, many of which are known to have had security flaws.

	Fortunately, most (if not all) of these libraries are entirely
	optional.  FWIW, the build I use for Emacs development is linked
	against GnuTLS, libxml, the compression libraries (Libz,
	Liblzma), and what seems to be their respective dependencies
	(Glib, libgcrypt, libtasn1, etc.)

[=E2=80=A6]

--=20
FSF associate member #7257  http://boycottsystemd.org/  =E2=80=A6 3013 B6A0=
 230E 334A