Re: DSO-style FFI

[Davis Herring]

> That's pretty dangerous, isn't it?  Any memory corruption, intentional
> or not, could affect the user significantly.  Is that an acceptable risk?

Intentional memory corruption is entirely beside the point -- you're
already planning to run whatever code the DSO provides with your current
security credentials.  (You even already run DSO-specified code as soon
as you call dlopen().)

As for accidental corruption, you can at least protect your Lisp_Objects
by controlling how you copy data into and out of them.  (Of course, a
wild pointer can corrupt absolutely anything, but you're not very likely
to be in an undesirable "Emacs appears functional but is confused" state.)

Davis

-- 
This product is sold by volume, not by mass.  If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during
shipping.