emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs master, security concernes, ms-windows

From: Fabrice Popineau
Subject: Re: Emacs master, security concernes, ms-windows
Date: Thu, 14 Sep 2017 15:46:21 +0200


2017-09-14 15:33 GMT+02:00 Óscar Fuentes <address@hidden>:
Fabrice Popineau <address@hidden> writes:

Apart from that, the security provided by this approach is questionable.
If the attacker has enough control to install a DLL and modify the PATH,
it is game over.

At the moment, any libpng.dll (for example) on the PATH can be loaded by emacs.
With this restriction, only the one provided with an emacs package will be.

I came to 'fix' this because I am using the Anaconda Python distribution which also
provides its own set of dlls. At some point I got a failure because their dlls got loaded,
instead of the mingw64 ones.

Finally, this patch can be a hindrance for those who build Emacs. After
the build is over, you need to copy the required extra dlls (for image
support, etc) to the build binary directory to test or use Emacs. Not a
huge inconvenience, but it isn't irrelevant either.


That's true.
 
-- 
Fabrice
reply via email to
[Prev in Thread] Current Thread [Next in Thread]