Emacs master, security concernes, ms-windows

emacs-devel

From:	Fabrice Popineau
Subject:	Emacs master, security concernes, ms-windows
Date:	Thu, 14 Sep 2017 09:58:36 +0200

Since there seems to be a lot of concerns wrt to security,

I am submitting the attached patch.

The reason for this patch is to limit the search for dlls loaded at

runtime to the win32 system directory and/or the emacs application

directory.

In the current state, dlls can be picked up in any directory in the path.

Some one could fake one of these dlls (xpm, png, etc.) and use it for

mean reasons.

It is not bullet proof, but it levels up security and

many other projects have applied such a restriction.

Best regards,

Fabrice

emacs-loadlibrary.diff
Description: Text document

[Prev in Thread]

Current Thread

[Next in Thread]

Emacs master, security concernes, ms-windows, Fabrice Popineau <=
- Re: Emacs master, security concernes, ms-windows, Óscar Fuentes, 2017/09/14
  - Re: Emacs master, security concernes, ms-windows, Fabrice Popineau, 2017/09/14
    - Re: Emacs master, security concernes, ms-windows, Óscar Fuentes, 2017/09/14
    - Re: Emacs master, security concernes, ms-windows, Fabrice Popineau, 2017/09/14
    - Re: Emacs master, security concernes, ms-windows, Eli Zaretskii, 2017/09/14
    - Re: Emacs master, security concernes, ms-windows, Eli Zaretskii, 2017/09/14
  - Re: Emacs master, security concernes, ms-windows, Eli Zaretskii, 2017/09/14
- Re: Emacs master, security concernes, ms-windows, Andy Moreton, 2017/09/14
- Re: Emacs master, security concernes, ms-windows, Eli Zaretskii, 2017/09/14