
Re: Preview: portable dumper


From: Jacob Bachmeyer
Subject: Re: Preview: portable dumper
Date: Tue, 06 Dec 2016 17:13:52 -0600
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.22) Gecko/20090807 MultiZilla/1.8.3.4e SeaMonkey/1.1.17 Mnenhy/0.7.6.0


> (Or we could just randomize per-user and dump Emacs the first time it
> runs for a particular user?  If we do that after loading ~/.emacs, we
> also improve people's startup time.  Invalidating and regenerating the
> dump when configuration changes would be a challenge though.)

That should not be too difficult, if you can track which files were read when creating the dump and store some fields from the stat(2) information on those files in the dump. I am using this approach in a packaging system that I am developing to close a race between attaching a file to an archive handle and actually writing the archive, at which time the digest of the file is computed. (I wanted to avoid reading input files twice.)

I take a conservative approach and verify that the st_{ino,dev,size,blocks,{m,c}tim{e,.tv_nsec}} fields are all unchanged. For my use, writing the archive produces a hard failure if this check fails; for Emacs, failing that check would indicate "time to rebuild the fast-load cache".


On the other hand, I think that per-user dumps are a bad idea--the Emacs dump is an inscrutable binary blob and therefore a good place for an intruder to hide persistent nastiness. This could allow an intruder to add a back door to a user's Emacs in a difficult-to-detect manner while needing only temporary access to that user's account, say, from exploiting any program that user runs.


-- Jacob


