From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Fabrice Popineau Newsgroups: gmane.emacs.devel Subject: Re: Emacs master, security concernes, ms-windows Date: Thu, 14 Sep 2017 17:56:46 +0200 Message-ID: References: <87k211xv4b.fsf@qcore> <87fubpxq60.fsf@qcore> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="001a114f86dc09583c05592854d3" X-Trace: blaine.gmane.org 1505404642 2968 195.159.176.226 (14 Sep 2017 15:57:22 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Thu, 14 Sep 2017 15:57:22 +0000 (UTC) Cc: Emacs developers To: =?UTF-8?Q?=C3=93scar_Fuentes?= Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 14 17:57:18 2017 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dsWVx-0000bb-GY for ged-emacs-devel@m.gmane.org; Thu, 14 Sep 2017 17:57:17 +0200 Original-Received: from localhost ([::1]:48585 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dsWW4-0003TO-Tb for ged-emacs-devel@m.gmane.org; Thu, 14 Sep 2017 11:57:24 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:34734) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dsWVv-0003RO-DC for emacs-devel@gnu.org; Thu, 14 Sep 2017 11:57:16 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dsWVq-0007ue-Ip for emacs-devel@gnu.org; Thu, 14 Sep 2017 11:57:15 -0400 Original-Received: from smtp2.supelec.fr ([160.228.120.31]:55803) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dsWVq-0007tE-AD for emacs-devel@gnu.org; Thu, 14 Sep 2017 11:57:10 -0400 Original-Received: from localhost (localhost [127.0.0.1]) by smtp2.supelec.fr (Postfix) with ESMTP id 8E3FA803DC for ; Thu, 14 Sep 2017 17:57:08 +0200 (CEST) X-Virus-Scanned: amavisd-new at smtp2.supelec.fr Original-Received: from smtp2.supelec.fr ([127.0.0.1]) by localhost (smtp2.supelec.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NlutboUQBKbn for ; Thu, 14 Sep 2017 17:57:08 +0200 (CEST) Original-Received: from mail-qk0-f175.google.com (mail-qk0-f175.google.com [209.85.220.175]) by smtp2.supelec.fr (Postfix) with ESMTPSA id D5E3F80427 for ; Thu, 14 Sep 2017 17:57:07 +0200 (CEST) Original-Received: by mail-qk0-f175.google.com with SMTP id b23so7158234qkg.1 for ; Thu, 14 Sep 2017 08:57:07 -0700 (PDT) X-Gm-Message-State: AHPjjUgX3VkJkSQlnD52HChswHUprkUuYdg0h7KWaXUdkd+HjRQareOR eKwMLJ3s7BeyuSTLuoTvYs6dttccQj5Fo7hSPps= X-Google-Smtp-Source: AOwi7QBQDgfqNBtghbQeEcXlbmN+VeV2RAWW84i802LJ6Hsa3cN/I9Mv9L37dFEzg8pIdpb5ipEkjXLD3iAM+HkEbQM= X-Received: by 10.55.139.65 with SMTP id n62mr3232530qkd.94.1505404627009; Thu, 14 Sep 2017 08:57:07 -0700 (PDT) Original-Received: by 10.140.82.21 with HTTP; Thu, 14 Sep 2017 08:56:46 -0700 (PDT) In-Reply-To: <87fubpxq60.fsf@qcore> X-Gmail-Original-Message-ID: X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy] X-Received-From: 160.228.120.31 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:218274 Archived-At: --001a114f86dc09583c05592854d3 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable 2017-09-14 17:20 GMT+02:00 =C3=93scar Fuentes : > Fabrice Popineau writes: > > > At the moment, any libpng.dll (for example) on the PATH can be loaded b= y > > emacs. > > With this restriction, only the one provided with an emacs package will > be. > > > > I came to 'fix' this because I am using the Anaconda Python distributio= n > > which also > > provides its own set of dlls. At some point I got a failure because the= ir > > dlls got loaded, > > instead of the mingw64 ones. > > I suffered a similar problem on the past. > > The real concern about this patch is that it raises quite a bit the > minimum supported OS version, which is a big no-no, AFAIK. > > Although I'm not sure what happens if you pass an unsupported flag to > LoadLibraryEx. > > > It is possible to implement your idea by using explicit paths. > Yes, emacs could itself decide where to look for these dlls. At least for the ones that are non system. And the system ones should be looked for only in the System32 directory. I know that my patch was a radical one. I mainly wanted to raise the issue. Fabrice --001a114f86dc09583c05592854d3 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


2017-09-14 17:20 GMT+02:00 =C3=93scar Fuentes <ofv@wanadoo.es>:
Fabrice Popineau &l= t;fabrice.popineau@<= wbr>centralesupelec.fr> writes:

> At the moment, any libpng.dll (for example) on the PATH can be loaded = by
> emacs.
> With this restriction, only the one provided with an emacs package wil= l be.
>
> I came to 'fix' this because I am using the Anaconda Python di= stribution
> which also
> provides its own set of dlls. At some point I got a failure because th= eir
> dlls got loaded,
> instead of the mingw64 ones.

I suffered a similar problem on the past.

The real concern about this patch is that it raises quite a bit the
minimum supported OS version, which is a big no-no, AFAIK.

Although I'm not sure what happens if you pass an unsupported flag to LoadLibraryEx.


=C2=A0
It is possible to implement your idea by using explicit paths.

Yes, emacs could itself decide where to look for th= ese dlls.
At least for the ones =C2=A0that are non system.
<= div>And the system ones should be looked for only in the System32 directory= .

I know that my patch was a radical one. I mainly= wanted to raise the issue.

Fabrice<= /div>
--001a114f86dc09583c05592854d3--