[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#19565: Emacs vulnerable to endless-data attack (minor)
|
From: |
Eli Zaretskii |
|
Subject: |
bug#19565: Emacs vulnerable to endless-data attack (minor) |
|
Date: |
Sun, 06 Oct 2019 20:32:28 +0300 |
> From: Stefan Kangas <stefan@marxist.se>
> Date: Sun, 6 Oct 2019 05:13:27 +0200
> Cc: 19565@debbugs.gnu.org
>
> I think this affects more than just package.el. AFAICT, anywhere we
> use the url library, an endless data attack can get Emacs to fill up
> all available memory (wasting also bandwidth resources, of course).
At which point the system will kill the Emacs process. Why is that a
problem we need to work, given that we already have at least some
protection against stack overflows and running out of memory?
> For example, a new keyword argument :max-size, which would make it
> stop after having reached that many bytes.
The Gnu Coding Standards frown on having arbitrary limits in a
program. So this could only work if we had some reasonable way of
computing a limit that is not arbitrary.
- bug#19565: Emacs vulnerable to endless-data attack (minor), Stefan Kangas, 2019/10/05
- bug#19565: Emacs vulnerable to endless-data attack (minor),
Eli Zaretskii <=
- bug#19565: Emacs vulnerable to endless-data attack (minor), Lars Ingebrigtsen, 2019/10/06
- bug#19565: Emacs vulnerable to endless-data attack (minor), Stefan Kangas, 2019/10/07
- bug#19565: Emacs vulnerable to endless-data attack (minor), Eli Zaretskii, 2019/10/07
- bug#19565: Emacs vulnerable to endless-data attack (minor), Lars Ingebrigtsen, 2019/10/08
- bug#19565: Emacs vulnerable to endless-data attack (minor), Eli Zaretskii, 2019/10/08
- bug#19565: Emacs vulnerable to endless-data attack (minor), Stefan Kangas, 2019/10/08
- bug#19565: Emacs vulnerable to endless-data attack (minor), Eli Zaretskii, 2019/10/08
- bug#19565: Emacs vulnerable to endless-data attack (minor), Stefan Kangas, 2019/10/08
- bug#19565: Emacs vulnerable to endless-data attack (minor), Eli Zaretskii, 2019/10/08