emacs-devel

Re: DSO-style FFI


From: Andy Moreton
Subject: Re: DSO-style FFI
Date: Sat, 19 Oct 2013 18:33:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (windows-nt)

On Fri 18 Oct 2013, Ted Zlatanov wrote:

> On Sat, 12 Oct 2013 14:55:26 -0400 Stefan Monnier <address@hidden> wrote: 
>
>>> The problems I see are A) that it would be trivial to use such an
>>> interface to crash or subvert emacs from elisp,
>
> SM> This is a fundamental property of anything that gives access to
> SM> "any" library.  DSO or FFI is in the same boat.  IOW, if we really
> SM> consider it as too dangerous, then we can't provide anything related to
> SM> an FFI or dynamic loading of code.
>
> This is where package signing becomes important.  We can require two
> signatures from two separate reviewers for high-risk packages.

Package signing is not really relevant here: knowing who signed a
package does not magically prevent emacs from crashing. If you want to
prevent crashes, then you need to isolate the third party code by
running it in a separate process.

    AndyM
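
The process isolation suggested in this message, as an added example that is not part of the original post or of Emacs: a POSIX parent calls a native function in a forked child and gets the result back over a pipe, so a crash kills only the child. The names run_isolated, plugin_ok and plugin_crash are hypothetical, and fork()/waitpid() are assumed to be available.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*plugin_fn)(int);
enum iso_status { ISO_OK, ISO_CRASHED, ISO_ERROR };
struct iso_result { enum iso_status status; int value; int sig; };

/* Constructed stand-ins for library code reached through an FFI. */
static int plugin_ok(int x) { return x * 2; }
static int plugin_crash(int x) { volatile int *p = NULL; *p = x; return x; }

/* Call fn(arg) in a child process; the result comes back over a pipe. */
static struct iso_result run_isolated(plugin_fn fn, int arg)
{
    struct iso_result r = { ISO_ERROR, 0, 0 };
    int fds[2], ws, v = 0;
    if (pipe(fds) != 0) return r;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return r; }
    if (pid == 0) {                      /* child: run the untrusted call */
        close(fds[0]);
        v = fn(arg);
        _exit(write(fds[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fds[1]);                       /* parent: EOF arrives if child dies */
    ssize_t n = read(fds[0], &v, sizeof v);
    close(fds[0]);
    while (waitpid(pid, &ws, 0) < 0)
        if (errno != EINTR) return r;
    if (WIFSIGNALED(ws)) {               /* crash stayed inside the child */
        r.status = ISO_CRASHED;
        r.sig = WTERMSIG(ws);
    } else if (WIFEXITED(ws) && WEXITSTATUS(ws) == 0 && n == (ssize_t)sizeof v) {
        r.status = ISO_OK;
        r.value = v;
    }
    return r;
}

int main(void)
{
    struct iso_result a = run_isolated(plugin_ok, 21);
    struct iso_result b = run_isolated(plugin_crash, 1);
    printf("ok: %d/%d  crash: %d/sig %d\n", a.status, a.value, b.status, b.sig);
    return b.status == ISO_CRASHED ? 0 : 1;
}
```

Isolation of this kind contains the crash only; the child still runs with the parent's privileges unless it is sandboxed separately.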







