[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Emacs dependencies vs. security

From: Ivan Shmakov
Subject: Emacs dependencies vs. security
Date: Fri, 21 Nov 2014 16:22:46 +0000
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

>>>>> Stephen J Turnbull <address@hidden> writes:
>>>>> Richard Stallman writes:

 >>> (I agree with you that Emacs that has an attack surface that
 >>> amounts to the whole world, and practically, that securing it is
 >>> too hard to think about succeeding, but that's not a popular view
 >>> on this list.  And it's just theory.)

 >> We have done substantial work to make Emacs secure against just
 >> visiting a malicious file.

 > Yes.  But Emacs nowadays depends on a large number of external
 > libraries, many of which are known to have had security flaws.

        Fortunately, most (if not all) of these libraries are entirely
        optional.  FWIW, the build I use for Emacs development is linked
        against GnuTLS, libxml, the compression libraries (Libz,
        Liblzma), and what seems to be their respective dependencies
        (Glib, libgcrypt, libtasn1, etc.)


FSF associate member #7257  http://boycottsystemd.org/  … 3013 B6A0 230E 334A

reply via email to

[Prev in Thread] Current Thread [Next in Thread]