[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DSO-style FFI

From: Stefan Monnier
Subject: Re: DSO-style FFI
Date: Sat, 19 Oct 2013 11:08:28 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)

SM> This is a fundamental property of anything that lets gives access to
SM> "any" library.  DSO or FFI is in the same boat.  IOW, if we really
SM> consider it as too dangerous, then we can't provide anything related to
SM> an FFI or dynamic loading of code.
> This is where package signing becomes important.

More or less.  I mean, yes, it's annoying when Emacs crashes, but in
terms of security, being able to run arbitrary C code is not really
worse than being able to run arbitrary Elisp code, and in terms of
reliability, Elisp code can also render your Emacs unusable (without
crashing it).

SM> Presumably we can prevent it by checking (before loading the library)
SM> that the library is compatible with the GPL (following the scheme
SM> designed originally for gcc).
> This can be declared by the author in the packaging.  Do we need to spend
> time on an elaborate scheme that can be trivially subverted?  Or are
> there other concerns I'm not getting?

As someone else explained, the issue is not whether subverting it is
hard, but rather whether subverting it must be done in a blatant-enough
way that it makes a difference, from a legal point of view (e.g. it
turns into fraud, rather than mere copyright violation).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]