bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19565: Emacs vulnerable to endless-data attack (minor)

From: Eli Zaretskii
Subject: bug#19565: Emacs vulnerable to endless-data attack (minor)
Date: Mon, 07 Oct 2019 19:13:11 +0300 
> From: Lars Ingebrigtsen <larsi@gnus.org>
> Cc: Stefan Kangas <stefan@marxist.se>,  19565@debbugs.gnu.org
> Date: Mon, 07 Oct 2019 03:51:35 +0200
> 
> I think it would perhaps make some sense to warn (or query) the user if
> you get more data than `large-file-warning-threshold'.  I think it would
> be pretty trivial to implement -- at least in the new with-fetched-url
> interface, which I think is where this pretty theoretical problem is
> least theoretical, perhaps?
> 
> On the other hand, I could see that in some ways it would be easier to
> implement in wait_reading_process_output: We could just maintain a byte
> counter in the process objects (if we don't do that already) and have a
> callback we call if that counter grows larger than
> `large-file-warning-threshold'.

I think this must be in terms of bytes/sec, not just bytes.  E.g., I
have a spell-checker active during my entire Emacs session (which
could go on for weeks and months on end), and I don't want to get a
prompt just because the number of bytes that went in that pipe becomes
above the threshold.  We may also need to measure the growth of the
Emacs memory footprint during that time, because if Emacs reads bytes
and discards them, it isn't going to be a problem, right?
reply via email to
[Prev in Thread] Current Thread [Next in Thread]