[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: DSO-style FFI
Re: DSO-style FFI
Sat, 19 Oct 2013 11:08:28 -0400
Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
SM> This is a fundamental property of anything that lets gives access to
SM> "any" library. DSO or FFI is in the same boat. IOW, if we really
SM> consider it as too dangerous, then we can't provide anything related to
SM> an FFI or dynamic loading of code.
> This is where package signing becomes important.
More or less. I mean, yes, it's annoying when Emacs crashes, but in
terms of security, being able to run arbitrary C code is not really
worse than being able to run arbitrary Elisp code, and in terms of
reliability, Elisp code can also render your Emacs unusable (without
SM> Presumably we can prevent it by checking (before loading the library)
SM> that the library is compatible with the GPL (following the scheme
SM> designed originally for gcc).
> This can be declared by the author in the packaging. Do we need to spend
> time on an elaborate scheme that can be trivially subverted? Or are
> there other concerns I'm not getting?
As someone else explained, the issue is not whether subverting it is
hard, but rather whether subverting it must be done in a blatant-enough
way that it makes a difference, from a legal point of view (e.g. it
turns into fraud, rather than mere copyright violation).
- Re: DSO-style FFI, (continued)
- Re: DSO-style FFI, Stephen J. Turnbull, 2013/10/08
- Re: DSO-style FFI, Stefan Monnier, 2013/10/08
- Re: DSO-style FFI, Michael Welsh Duggan, 2013/10/12
- Re: DSO-style FFI, Stephen J. Turnbull, 2013/10/12
- Re: DSO-style FFI, Stefan Monnier, 2013/10/14
- Re: DSO-style FFI, Ted Zlatanov, 2013/10/18
- Re: DSO-style FFI, Stefan Monnier, 2013/10/19
- Re: DSO-style FFI,
Stefan Monnier <=
- Re: DSO-style FFI, Andy Moreton, 2013/10/19
- Re: DSO-style FFI, Ted Zlatanov, 2013/10/19
- Re: DSO-style FFI, Ted Zlatanov, 2013/10/08