[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Image mode
From: |
Slawomir Nowaczyk |
Subject: |
Re: Image mode |
Date: |
Tue, 06 Feb 2007 12:09:07 +0100 |
On Sun, 04 Feb 2007 20:40:39 -0500
Chong Yidong <address@hidden> wrote:
#> Juri Linkov <address@hidden> writes:
#>
#> > A different case is image autodetection. When the image file has an
#> > extension unusual for image files or has no extension at all, then it
#> > would be a (possibly bad) surprise for the user to see it displayed as
#> > an image. I agree that there should be an option that by default before
#> > displaying the image from files with non-image extensions should either
#> > ask for confirmation before visiting such file in image-mode, or (better)
#> > visit the file just in image-minor-mode with more explanations shown
#> > in the echo area.
#>
#> As Richard has argued, IF displaying an image can cause a security
#> risk, it doesn't matter whether or not that image was autodetected or
#> had the relevant file name. So let's please not worry about this.
I disagree. For me, at least, *all* that matters is if the filename
matches the image contents.
About the only case when I care about security when opening images are
things which I receive in emails (sure, there is a chance a virus image
sits somewhere on my disk or on one of the web pages I view, but if that
is the case, then I am likely to fall victim to it anyway, because I
will likely open it in something else than Emacs).
What I am interested in is making sure that I am safe when I receive an
email containing attachment with .txt or .c extension and I decide to
view it in Emacs. I do *not* want it to display it as an image *without*
asking for confirmation (one way or another).
OTOH, if I decide to open an attachment with .jpeg extension, then I am
apparently willing to trust the source and I am perfectly OK with Emacs
displaying it as an image (if Emacs refuses to display such images, I
will just use Firefox or IrfanView, which are more or less equally
susceptible to attacks)...
Please, trust the user! If I say I want Emacs to open a.jpeg, that means
I want to open an image. If I say I want Emacs to open a.txt, then I
expect this action to be safe.
YMMV, of course, and I do not require the above to the *default*
configuration, but _please_ make this behaviour possible -- and,
preferably, easy to achieve because I really believe that is the only
sane configuration for security-aware users.
--
Best wishes,
Slawomir Nowaczyk
( address@hidden )
The glass is not half full, nor half empty. The glass is just too big.
Re: Image mode, Stefan Monnier, 2007/02/05
Re: Image mode, Chris Moore, 2007/02/05
Re: Image mode, Juri Linkov, 2007/02/05
Re: Image mode,
Slawomir Nowaczyk <=
Re: Image mode, Richard Stallman, 2007/02/05