emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs Lisp's future

From: Stephen J. Turnbull
Subject: Re: Emacs Lisp's future
Date: Mon, 06 Oct 2014 12:34:40 +0900 
Richard Stallman writes:

 > Given a self-contained Scheme program, it should be easy to determine
 > whether it ever examines or sets string text properties.  Is that enough
 > to provide the same "security" benefits in practice?

No.  Often systems are constructed by assembling separately developed
modules.  If a "security" module responsible for checking data
validity is property-oblivious, then maliciously crafted properties
may be able to cause "evil" behavior in a property-sensitive module
supposedly protected by the "security" module.

This kind of problem is often exposed when the "security" module was
designed for a Scheme version without some feature (here "string
properties"), and the infrastructure is updated to an interpreter
version with the feature.

You can impugn the skills of the programmers responsible, or say it's
all very hypothetical (which I admit, not being a cracker myself I
don't know how to turn such configurations into actual exploits), but
this is a common pattern for security breaches.  It's a great service
to the Internet community for the Guile developers to worry about it
and at least document the issues faced when using Guile.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]