Re: C file recognized as image file
From: Chris Moore
Subject: Re: C file recognized as image file
Date: Fri, 5 Jan 2007 23:23:29 +0100

On 1/5/07, Juanma Barranquero <address@hidden> wrote:
> `magic-mode-alist' is more specific. The problem is that some of these
> regexps are too permissive.

Even if magic-mode-alist was just right, and it only opened files as
images when they contain images, I don't want this mysterious .c file
I just received in the mail being opened as an image, because who
knows what it might do... I trust Emacs's cc-mode not to execute any
malicious code when displaying C source code, what with all the
file-local variable checking and so on, but I don't trust the various
image libraries which are linked into Emacs not to have remaining
buffer overflow bugs in them.

It's possible that they're all fine now, but in the last few years the
following vulnerabilities have been found in various image libraries,
all of which possibly lead to the execution of arbitrary code:

libpng:
  http://www.debian.org/security/2004/dsa-536
  http://www.debian.org/security/2004/dsa-570
libpng3:
  http://www.debian.org/security/2004/dsa-571
tiff:
  http://www.debian.org/security/2004/dsa-567
  http://www.debian.org/security/2004/dsa-617
  http://www.debian.org/security/2005/dsa-626
  http://www.debian.org/security/2005/dsa-755
  http://www.debian.org/security/2006/dsa-1054
  http://www.debian.org/security/2006/dsa-1078
  http://www.debian.org/security/2006/dsa-1137
wmf:
  http://www.debian.org/security/2006/dsa-1194

So I wouldn't be too willing to bet that they're safe now.

When opening a file with file-local variables in it, Emacs is quite
paranoid about checking with the user whether it's OK to use the
variable definitions. But when the file contains an image file, Emacs
is happy to just display it without any kind of prompt or warning,
even when the file has a .c extension?

In short, .c files should be opened in cc-mode, no matter what they
contain, at least not without checking with the user first. "The
file's extension indicates that this is C source code, but the file
contains an image in PNG format. Display the image? (y/n)"
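
The confirmation proposed in the message above, sketched as around-advice on `image-mode` for a current Emacs (24.4 or later, for `advice-add`). This is an added example, not code from Emacs or from this thread; the `my/` names are hypothetical, and it assumes `image-mode` is being selected by file content, as through `magic-mode-alist`.

```elisp
;;; Added example, not code from Emacs or from this thread.
;;; Names prefixed `my/' are hypothetical.  Needs Emacs 24.4+ (nadvice).
(require 'image)

(defun my/mode-from-file-name (file)
  "Return the major mode `auto-mode-alist' selects for FILE, or nil."
  (let ((mode (assoc-default file auto-mode-alist #'string-match)))
    ;; Entries may have the form (REGEXP FUNCTION NON-NIL); keep FUNCTION.
    (when (and (consp mode) (not (functionp mode)))
      (setq mode (car mode)))
    (and (functionp mode) mode)))

(defun my/confirm-image-mode (orig-fun &rest args)
  "Around advice for `image-mode'.
Ask before displaying an image when the visited file's name selects
a different major mode; on refusal, use that mode instead."
  (let* ((named (and buffer-file-name
                     (my/mode-from-file-name buffer-file-name)))
         ;; `image-type-from-buffer' matches the leading bytes against
         ;; `image-type-header-regexps'; it does not decode the image.
         (type (and named
                    (not (eq named 'image-mode))
                    (image-type-from-buffer))))
    (if (and type
             (not (y-or-n-p
                   (format "File name selects %s, but the file contains \
an image in %s format.  Display the image? "
                           named (upcase (symbol-name type))))))
        ;; Refused: fall back to the mode chosen by the file name, so the
        ;; bytes are shown as text and never handed to an image library.
        (funcall named)
      (apply orig-fun args))))

(advice-add 'image-mode :around #'my/confirm-image-mode)
```

Files whose names already map to `image-mode` (for example `.png`) are displayed without a prompt, and `(advice-remove 'image-mode #'my/confirm-image-mode)` undoes the change.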