[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs Lisp's future

From: Richard Stallman
Subject: Re: Emacs Lisp's future
Date: Fri, 10 Oct 2014 10:23:50 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

     > you need to show it is real security and really does a useful job.

    I suspect I can't give you a convincing example, because I haven't
    studied the Guile modules "at risk",

Someone else is welcome to convince me, too.

It seems to me that what your argument must be false.
You're saying that module A could pass data to module C
through properties in a string passed through module B.
Yes, it could.  But module A could put the same data in
a global variable and C could read it there.

So where is the "security"?

    Or how about the recent bash lossage?  s-expressions are just Lisp
    data, and could be placed in a property.

These two cases are different in their essential structure.  The Bash
case involves a browser that sends data thru Apache to trick Bash,
with both Apache and Bash being honest.  To do this, it has to fiddle
with data that Bash will look at for some legitimate purpose.

In this case, we have to suppose that A and C are BOTH malicious, and
the question is whether B can (as a security measure) prevent them
from communicating.

I challenge people to demonstrate that Guile provides some real
security against such communication, in the absence of text properties
in strings.

If you can't, then pipe down and leave this to someone else who can.

Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use Ekiga or an ordinary phone call.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]