From: David Kastrup <dak@gnu.org>
To: "Juanma Barranquero" <lekktu@gmail.com>
Cc: Chong Yidong <cyd@stupidchicken.com>, emacs-devel@gnu.org
Subject: Re: Image mode
Date: Tue, 06 Feb 2007 10:27:50 +0100 [thread overview]
Message-ID: <86ps8nmy95.fsf@lola.quinscape.zz> (raw)
In-Reply-To: <f7ccd24b0702060106n51990424sbeaf4e407677af81@mail.gmail.com> (Juanma Barranquero's message of "Tue\, 6 Feb 2007 10\:06\:37 +0100")
"Juanma Barranquero" <lekktu@gmail.com> writes:
> On 2/6/07, David Kastrup <dak@gnu.org> wrote:
>
>> And I ask why a user would open a binary image file in Emacs (short
>> of using hexl-mode) if he did not intend to see it as an image?
>
> Let's not go in circles. My remark, that you quoted, was not about
> the user opening binary images as other than images, but whether we
> would warn the user or not that images could be dangerous.
>
> I don't like the warning; but for a while we were doing it, and it
> seems that with Chong's proposed answers, we won't now (although I'm
> not sure what's the status after Richard's latest comment). I was
> asking whether we had changed the policy.
If there ever was a "policy" instead of just an implementation, I
don't think it was sensible. Image libraries are not inherently
insecure (like, say, setuid shellscripts are). We don't warn users
before starting an X session even though there are sometimes
vulnerabilities found in the Xlib library.
The only safe way around those vulnerabilities is to compile Emacs
without those libraries.
Short of that, there is some "reasonable expectation" of what will and
what will not happen.
If the user _knows_ that Xlib is a current attack vector, she has the
option of using "emacs -nw". In a similar vein, if she knows about a
jpeg library vulnerability, she might refrain from opening "xxx.jpg"
in Emacs.
Our current scheme is not completely usable for the sake of manual
corruption prevention since it is possible to name a JPEG file
"xxx.png", and a user knowing about a JPEG vulnerability would open
it unsuspectingly.
On the other hand, there are cases of thumbnail files with the same
file name (including extension) as their source image, but a different
file format.
The "minimized amount of surprise" would ask if the auto detection
arrives at a different image format (not just at a different
is-an-image-p) than the extension.
As long as file type and extension are compatible, I see no reason for
user feedback before treating the file as an image.
--
David Kastrup
next prev parent reply other threads:[~2007-02-06 9:27 UTC|newest]
Thread overview: 164+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-04 22:52 Image mode Juri Linkov
2007-02-04 23:40 ` Juanma Barranquero
2007-02-05 1:25 ` Chong Yidong
2007-02-05 9:03 ` Juanma Barranquero
2007-02-05 9:16 ` Juanma Barranquero
2007-02-05 9:28 ` David Kastrup
2007-02-05 9:37 ` David Kastrup
2007-02-05 11:12 ` Juanma Barranquero
2007-02-06 0:16 ` Richard Stallman
2007-02-06 0:25 ` Juanma Barranquero
2007-02-06 1:37 ` Drew Adams
2007-02-06 7:18 ` David Kastrup
2007-02-06 11:09 ` Slawomir Nowaczyk
2007-02-06 0:15 ` Richard Stallman
2007-02-06 0:29 ` Lennart Borgman (gmail)
2007-02-06 4:56 ` Chong Yidong
2007-02-06 23:15 ` Richard Stallman
2007-02-06 23:41 ` Chong Yidong
2007-02-06 23:55 ` Slawomir Nowaczyk
2007-02-05 7:13 ` David Kastrup
2007-02-05 9:06 ` Juanma Barranquero
2007-02-07 19:21 ` Chong Yidong
2007-02-07 19:43 ` Stuart D. Herring
2007-02-07 21:08 ` Chong Yidong
2007-02-07 21:21 ` Stefan Monnier
2007-02-07 21:35 ` Stuart D. Herring
2007-02-07 23:07 ` Stefan Monnier
2007-02-08 9:33 ` Jason Rumney
2007-02-08 16:38 ` Stefan Monnier
2007-02-08 16:55 ` Stuart D. Herring
2007-02-08 18:36 ` Chong Yidong
2007-02-07 22:55 ` Kim F. Storm
2007-02-07 23:27 ` Juri Linkov
2007-02-08 9:30 ` Jason Rumney
2007-02-08 15:23 ` Chong Yidong
2007-02-05 1:40 ` Chong Yidong
2007-02-05 4:21 ` Miles Bader
2007-02-05 10:58 ` Kim F. Storm
2007-02-05 11:02 ` Lennart Borgman (gmail)
2007-02-05 11:16 ` Juanma Barranquero
2007-02-05 11:26 ` David Kastrup
2007-02-05 11:39 ` Juanma Barranquero
2007-02-05 11:48 ` David Kastrup
2007-02-05 12:00 ` Juanma Barranquero
2007-02-05 12:08 ` David Kastrup
2007-02-05 12:16 ` Juanma Barranquero
2007-02-05 19:00 ` Stefan Monnier
2007-02-06 0:16 ` Richard Stallman
2007-02-06 0:32 ` Lennart Borgman (gmail)
2007-02-06 23:14 ` Richard Stallman
2007-02-06 7:16 ` David Kastrup
2007-02-05 12:46 ` Lennart Borgman (gmail)
2007-02-05 12:57 ` Juanma Barranquero
2007-02-05 12:58 ` David Kastrup
2007-02-05 14:47 ` Mathias Dahl
2007-02-05 14:54 ` Juanma Barranquero
2007-02-05 17:08 ` Chong Yidong
2007-02-05 18:35 ` Mathias Dahl
2007-02-05 18:35 ` Jason Rumney
2007-02-05 19:06 ` Chong Yidong
2007-02-05 19:14 ` Juanma Barranquero
2007-02-05 19:26 ` Juanma Barranquero
2007-02-05 19:28 ` Chong Yidong
2007-02-05 19:51 ` Juanma Barranquero
2007-02-05 20:12 ` Stefan Monnier
2007-02-05 20:14 ` Juanma Barranquero
2007-02-05 20:13 ` Chong Yidong
2007-02-05 20:21 ` Juanma Barranquero
2007-02-05 20:33 ` Chong Yidong
2007-02-05 21:25 ` Juanma Barranquero
2007-02-05 21:30 ` Chong Yidong
2007-02-05 22:25 ` Juanma Barranquero
2007-02-05 23:50 ` Chong Yidong
2007-02-06 0:17 ` Juanma Barranquero
2007-02-06 7:06 ` David Kastrup
2007-02-06 8:30 ` Juanma Barranquero
2007-02-06 8:42 ` David Kastrup
2007-02-06 9:06 ` Juanma Barranquero
2007-02-06 9:27 ` David Kastrup [this message]
2007-02-06 9:43 ` Juanma Barranquero
2007-02-06 10:29 ` David Kastrup
2007-02-06 10:57 ` Juanma Barranquero
2007-02-06 11:10 ` David Kastrup
2007-02-06 11:42 ` Juanma Barranquero
2007-02-06 11:48 ` David Kastrup
2007-02-06 12:02 ` Juanma Barranquero
2007-02-06 23:16 ` Richard Stallman
2007-02-07 0:06 ` David Kastrup
2007-02-07 19:41 ` Richard Stallman
2007-02-07 19:41 ` Richard Stallman
2007-02-07 16:10 ` Stuart D. Herring
2007-02-09 17:24 ` Chris Moore
2007-02-09 18:14 ` Stuart D. Herring
2007-02-09 18:22 ` Chong Yidong
2007-02-12 4:55 ` Richard Stallman
2007-02-13 6:01 ` Chris Moore
2007-02-13 23:36 ` Richard Stallman
2007-02-06 23:16 ` Richard Stallman
2007-02-06 23:47 ` David Kastrup
2007-02-07 19:41 ` Richard Stallman
2007-02-06 1:46 ` Miles Bader
2007-02-06 11:53 ` Slawomir Nowaczyk
2007-02-06 15:15 ` Stefan Monnier
2007-02-06 15:46 ` Jason Rumney
2007-02-06 16:08 ` Chong Yidong
2007-02-06 16:58 ` Jason Rumney
2007-02-06 17:10 ` Chong Yidong
2007-02-06 23:51 ` Kim F. Storm
2007-02-07 0:03 ` Chong Yidong
2007-02-07 0:41 ` Kim F. Storm
2007-02-05 20:24 ` Juanma Barranquero
2007-02-05 20:36 ` Chong Yidong
2007-02-05 20:20 ` Chong Yidong
2007-02-05 20:33 ` Juanma Barranquero
2007-02-06 17:08 ` Richard Stallman
2007-02-06 17:56 ` Juanma Barranquero
2007-02-07 1:37 ` Richard Stallman
2007-02-07 1:42 ` Juanma Barranquero
2007-02-07 7:15 ` David Kastrup
2007-02-07 8:09 ` Juanma Barranquero
2007-02-07 19:41 ` Richard Stallman
2007-02-06 17:08 ` Richard Stallman
2007-02-06 23:46 ` Chris Moore
2007-02-06 23:58 ` Chong Yidong
2007-02-07 16:59 ` Chris Moore
2007-02-08 0:52 ` Richard Stallman
2007-02-09 17:17 ` Chris Moore
2007-02-10 9:51 ` Eli Zaretskii
2007-02-05 19:06 ` Juanma Barranquero
2007-02-05 21:27 ` Juri Linkov
2007-02-06 11:42 ` Slawomir Nowaczyk
2007-02-05 19:07 ` Lennart Borgman (gmail)
2007-02-06 9:19 ` Jason Rumney
2007-02-06 9:35 ` David Kastrup
2007-02-06 9:46 ` Lennart Borgman (gmail)
2007-02-06 10:21 ` Mathias Dahl
2007-02-06 16:50 ` Stefan Monnier
2007-02-05 21:28 ` Juri Linkov
2007-02-05 21:35 ` Lennart Borgman (gmail)
2007-02-05 21:38 ` Chong Yidong
2007-02-05 22:02 ` Stefan Monnier
2007-02-06 17:09 ` Richard Stallman
2007-02-05 11:15 ` Juanma Barranquero
2007-02-05 21:45 ` Kim F. Storm
2007-02-05 21:53 ` Chris Moore
2007-02-05 12:22 ` Miles Bader
[not found] ` <E1HEE0j-0004T3-Rc@fencepost.gnu.org>
2007-02-06 7:20 ` David Kastrup
2007-02-06 23:15 ` Richard Stallman
2007-02-06 10:53 ` Lars Magne Ingebrigtsen
2007-02-06 23:16 ` Richard Stallman
2007-02-06 12:26 ` Kim F. Storm
2007-02-06 12:46 ` David Kastrup
2007-02-06 16:48 ` Stefan Monnier
2007-02-05 18:56 ` Stefan Monnier
2007-02-05 19:08 ` Chong Yidong
2007-02-05 19:28 ` Stefan Monnier
2007-02-05 21:12 ` Chris Moore
2007-02-05 21:28 ` Juri Linkov
2007-02-06 11:09 ` Slawomir Nowaczyk
2007-02-05 19:10 ` Richard Stallman
2007-02-05 21:25 ` Chris Moore
2007-02-06 17:09 ` Richard Stallman
2007-02-06 22:54 ` David Kastrup
2007-02-07 1:37 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86ps8nmy95.fsf@lola.quinscape.zz \
--to=dak@gnu.org \
--cc=cyd@stupidchicken.com \
--cc=emacs-devel@gnu.org \
--cc=lekktu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).