[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Emacs Lisp's future
From: |
Stephen J. Turnbull |
Subject: |
Re: Emacs Lisp's future |
Date: |
Mon, 06 Oct 2014 12:18:49 +0900 |
Richard Stallman writes:
> I'd like to know how it is that "raw bytes" have security implications.
> Are there programs that make assumptions about the contents of strings?
> That seems like bad design.
Yes, they do, and no, it's poor implementation, not bad design --
they're conforming to standards that say that string contents will
have a specific form and are unfortunately imperfectly protected from
invalid input by their I/O modules (for example, the \201 bug in Emacs
itself).
As a consequence it's often possible to crash a program that is
incompletely robust to invalid encodings. If that program is a
spam/virus checker, and the problem is compounded by a site policy
that accepts mail when the checker fails, anything can happen.
That's just an example.
- Re: Emacs Lisp's future, Mark H Weaver, 2014/10/05
- Re: Emacs Lisp's future, Richard Stallman, 2014/10/05
- Re: Emacs Lisp's future,
Stephen J. Turnbull <=
- Re: Emacs Lisp's future, Richard Stallman, 2014/10/06
- Re: Emacs Lisp's future, Stephen J. Turnbull, 2014/10/06
- Re: Emacs Lisp's future, Richard Stallman, 2014/10/07
- Re: Emacs Lisp's future, Stephen J. Turnbull, 2014/10/07
- Re: Emacs Lisp's future, David Kastrup, 2014/10/07
- Re: Emacs Lisp's future, Stephen J. Turnbull, 2014/10/07
- Re: Emacs Lisp's future, David Kastrup, 2014/10/07
- Re: Emacs Lisp's future, Thien-Thi Nguyen, 2014/10/10
Re: Emacs Lisp's future, Mark H Weaver, 2014/10/06