Re: C file recoginzed as image file

[Chris Moore]

Richard Stallman <address@hidden> writes:

> It would never have occurred to me to have doubts about opening a
> JPG file.  I am sure the same is true of many Emacs users.  If we
> believe that having Emacs display JPG files as images is dangerous,
> we had better make sure Emacs NEVER does so by default.

Maybe the JPG libraries are safe and always have been, I don't know.
But all it takes is for ONE of the image libraries which Emacs uses to
be exploitable and you're finished.  Suppose that's an unpatched
vulnerability in the tiff library.  All the attacker needs to do is
rename his virus.tiff file to virus.jpg and send it to you.  You'll
open it, because you have no doubts about opening JPG files, and then
you'll be surprised to find you're infected because it wasn't actually
a JPG file at all - it was a disguised TIFF file.

>       In the case I described
>     all I've seen so far is the file's name so as far as I know it is a C
>     source file.
>
> How did the data get into a file in the first place?  Did it go
> through Emacs?  Did you see the data before you saved it in a file?

Maybe I used 'wget' to download it from a website.

Maybe I'm browsing a remote site using TRAMP in Emacs and somebody
else put the data into the file.

Maybe I saved an email attachment using GNUS.

None of these would have displayed the data before saving it.

> I never save data from a message in a file without seeing it, but
> perhaps you use a method.

How do you see it safely?  However you do it, wouldn't it be more
convenient to arrange for Emacs to do it for you, and to warn you if
the content doesn't match the extension?