From: Daniel Colascione <dancol@dancol.org>
To: Jacob Bachmeyer <jcb62281@gmail.com>
Cc: emacs-devel@gnu.org
Subject: Re: Preview: portable dumper
Date: Tue, 06 Dec 2016 15:18:32 -0800
Message-ID: <r025k2bchcjb.fsf@dancol.org>
In-Reply-To: <58474630.3040707@gmail.com> (Jacob Bachmeyer's message of "Tue,  06 Dec 2016 17:13:52 -0600")

On Tue, Dec 06 2016, Jacob Bachmeyer wrote:
>>
>> (Or we could just randomize per-user and dump Emacs the first time it
>> runs for a particular user?  If we do that after loading ~/.emacs, we
>> also improve people's startup time.  Invalidating and regenerating the
>> dump when configuration changes would be a challenge though.)
>
> That should not be too difficult, if you can track which files were
> read when creating the dump and store some fields from the stat(2)
> information on those files in the dump.  I am using this approach in a
> packaging system that I am developing to close a race between
> attaching a file to an archive handle and actually writing the
> archive, at which time the digest of the file is computed.  (I wanted
> to avoid reading input files twice.)
>
> I take a conservative approach and verify that the
> st_{ino,dev,size,blocks,{m,c}tim{e,.tv_nsec}} fields are all
> unchanged.  For my use, writing the archive produces a hard failure if
> this check fails; for Emacs, failing that check would indicate "time
> to rebuild the fast-load cache".
>
>
> On the other hand, I think that per-user dumps are a bad idea--the
> Emacs dump is an inscrutable binary blob

Users run lots of inscrutable binary blobs.  At least this one is made
from free software.  ("Sure", you might think, "we can just have the
system Emacs *sign* the blob." But an attacker could just read the
private key right out of the Emacs binary.  You really can't win.)

> and therefore a good place
> for an intruder to hide persistent nastiness.  This could allow an
> intruder to add a back door to a user's Emacs in a difficult-to-detect
> manner while needing only temporary access to that user's account,
> say, from exploiting any program that user runs.

I don't think attempting to defend against this sort of attack, at least
the way you suggest, is desirable.  An attacker who can modify user
files like that has already won --- there are all sorts of user-mode
"rootkits" that hide themselves very effectively.

https://blogs.msdn.microsoft.com/oldnewthing/20060508-22/?p=31283


