[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Image mode
|
From: |
David Kastrup |
|
Subject: |
Re: Image mode |
|
Date: |
Tue, 06 Feb 2007 10:27:50 +0100 |
|
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) |
"Juanma Barranquero" <address@hidden> writes:
> On 2/6/07, David Kastrup <address@hidden> wrote:
>
>> And I ask why a user would open a binary image file in Emacs (short
>> of using hexl-mode) if he did not intend to see it as an image?
>
> Let's not go in circles. My remark, that you quoted, was not about
> the user opening binary images as other than images, but whether we
> would warn the user or not that images could be dangerous.
>
> I don't like the warning; but for a while we were doing it, and it
> seems that with Chong's proposed answers, we won't now (although I'm
> not sure what's the status after Richard's latest comment). I was
> asking whether we had changed the policy.
If there ever was a "policy" instead of just an implementation, I
don't think it was sensible. Image libraries are not inherently
insecure (like, say, setuid shellscripts are). We don't warn users
before starting an X session even though there are sometimes
vulnerabilities found in the Xlib library.
The only safe way around those vulnerabilities is to compile Emacs
without those libraries.
Short of that, there is some "reasonable expectation" of what will and
what will not happen.
If the user _knows_ that Xlib is a current attack vector, she has the
option of using "emacs -nw". In a similar vein, if she knows about a
jpeg library vulnerability, she might refrain from opening "xxx.jpg"
in Emacs.
Our current scheme is not completely usable for the sake of manual
corruption prevention since it is possible to name a JPEG file
"xxx.png", and a user knowing about a JPEG vulnerability would open
it unsuspectingly.
On the other hand, there are cases of thumbnail files with the same
file name (including extension) as their source image, but a different
file format.
The "minimized amount of surprise" would ask if the auto detection
arrives at a different image format (not just at a different
is-an-image-p) than the extension.
As long as file type and extension are compatible, I see no reason for
user feedback before treating the file as an image.
--
David Kastrup
- Re: Image mode, (continued)
- Re: Image mode, Chong Yidong, 2007/02/05
- Re: Image mode, Juanma Barranquero, 2007/02/05
- Re: Image mode, Chong Yidong, 2007/02/05
- Re: Image mode, Juanma Barranquero, 2007/02/05
- Re: Image mode, Chong Yidong, 2007/02/05
- Re: Image mode, Juanma Barranquero, 2007/02/05
- Re: Image mode, David Kastrup, 2007/02/06
- Re: Image mode, Juanma Barranquero, 2007/02/06
- Re: Image mode, David Kastrup, 2007/02/06
- Re: Image mode, Juanma Barranquero, 2007/02/06
- Re: Image mode,
David Kastrup <=
- Re: Image mode, Juanma Barranquero, 2007/02/06
- Re: Image mode, David Kastrup, 2007/02/06
- Re: Image mode, Juanma Barranquero, 2007/02/06
- Re: Image mode, David Kastrup, 2007/02/06
- Re: Image mode, Juanma Barranquero, 2007/02/06
- Re: Image mode, David Kastrup, 2007/02/06
- Re: Image mode, Juanma Barranquero, 2007/02/06
- Re: Image mode, Richard Stallman, 2007/02/06
- Re: Image mode, David Kastrup, 2007/02/06
- Re: Image mode, Richard Stallman, 2007/02/07