[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DSO-style FFI

From: Andy Moreton
Subject: Re: DSO-style FFI
Date: Sat, 19 Oct 2013 18:33:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (windows-nt)

On Fri 18 Oct 2013, Ted Zlatanov wrote:

> On Sat, 12 Oct 2013 14:55:26 -0400 Stefan Monnier <address@hidden> wrote: 
>>> The problems I see are A) that it would be trivial to use such an
>>> interface to crash or subvert emacs from elisp,
> SM> This is a fundamental property of anything that lets gives access to
> SM> "any" library.  DSO or FFI is in the same boat.  IOW, if we really
> SM> consider it as too dangerous, then we can't provide anything related to
> SM> an FFI or dynamic loading of code.
> This is where package signing becomes important.  We can require two
> signatures from two separate reviewers for high-risk packages.

Package signing is not really relevant here: knowing who signed a
package does not magically prevent emacs from crashing. If you want to
prevent crashes, then you need to isolate the third party code by
running it in a separate process.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]