Re: DSO-style FFI

From: Ted Zlatanov
Subject: Re: DSO-style FFI
Date: Wed, 09 Oct 2013 21:25:39 -0400
User-agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux)

On Wed, 09 Oct 2013 17:52:36 -0600 Davis Herring <address@hidden> wrote: 

>> That's pretty dangerous, isn't it?  Any memory corruption, intentional
>> or not, could affect the user significantly.  Is that an acceptable risk?

DH> Intentional memory corruption is entirely beside the point -- you're
DH> already planning to run whatever code the DSO provides with your current
DH> security credentials.  (You even already run DSO-specified code as soon
DH> as you call dlopen().)


DH> As for accidental corruption, you can at least protect your Lisp_Objects
DH> by controlling how you copy data into and out of them.  (Of course, a
DH> wild pointer can corrupt absolutely anything, but you're not very likely
DH> to be in an undesirable "Emacs appears functional but is confused" state.)

Yeah, I was wondering how much can be done here, but I guess "not much."

Moreover, I was wondering whether the risk is acceptable.  The other
extreme is to have some protocol to externally executed modules so
there's no chance of corruption; it's very inefficient but also much
less risky.  I think it's safe to say the risk of DSOs is acceptable to
everyone, but wanted to be clear about it.

Thanks for explaining.
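
The trade-off discussed in the message above, as an added C example that is not part of the original email or of Emacs: the same faulty module code is run once in a forked child that returns its result over a pipe, and once in-process. `host_state`, `scribbling_module`, `crashing_module` and `call_isolated` are hypothetical names, and `host_state` is a constructed stand-in for host data such as Lisp_Objects.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed stand-in for host state (the role Lisp_Objects play above). */
static char host_state[16] = "intact";
int host_intact(void) { return strcmp(host_state, "intact") == 0; }

/* Hypothetical modules: one scribbles over host state, one dies outright. */
int scribbling_module(int x) {
    memset(host_state, 'X', sizeof host_state - 1);
    return x * 2;
}
int crashing_module(int x) { (void)x; abort(); }

/* Run fn(arg) in a child process; the result comes back over a pipe.
   Returns 0 on success, -1 if the module died or sent no full reply. */
int call_isolated(int (*fn)(int), int arg, int *out) {
    int fds[2], r = 0, status = 0;
    if (pipe(fds) != 0) return -1;
    fflush(NULL);                        /* keep buffered output out of the child */
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child: the "external module" */
        close(fds[0]);
        r = fn(arg);                     /* can corrupt only the child's copy */
        _exit(write(fds[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fds[1]);                       /* parent: the host */
    ssize_t n = read(fds[0], &r, sizeof r);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (n != (ssize_t)sizeof r || !WIFEXITED(status) || WEXITSTATUS(status))
        return -1;
    *out = r;
    return 0;
}

int main(void) {
    int out = 0;
    int rc = call_isolated(scribbling_module, 21, &out);
    printf("isolated:   rc=%d out=%d host_intact=%d\n", rc, out, host_intact());
    rc = call_isolated(crashing_module, 21, &out);
    printf("crash:      rc=%d host_intact=%d\n", rc, host_intact());
    out = scribbling_module(21);         /* same code called in-process */
    printf("in-process: out=%d host_intact=%d\n", out, host_intact());
    return 0;
}
```

The fork and pipe round trip on every call is the inefficiency the message refers to; in exchange, the host sees a failed call as an error return and its own memory is untouched.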

