From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Chris Moore <dooglus@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: C file recoginzed as image file
Date: Sun, 07 Jan 2007 10:04:29 +0100
Message-ID: <m28xgfmcma.fsf@gmail.com>
References: <loom.20070105T152213-693@post.gmane.org>
	<m23b6pzg3g.fsf@gmail.com> <m2y7ohy0s1.fsf@gmail.com>
	<f7ccd24b0701051102n4866b1cbi35465c3a22291ba4@mail.gmail.com>
	<jwvlkkgyhcv.fsf-monnier+emacs@gnu.org>
	<E1H3OzT-0001gy-8M@fencepost.gnu.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1168160702 27165 80.91.229.12 (7 Jan 2007 09:05:02 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Sun, 7 Jan 2007 09:05:02 +0000 (UTC)
Cc: lekktu@gmail.com, emacs-devel@gnu.org,
	Stefan Monnier <monnier@iro.umontreal.ca>, c.a.rendle@gmail.com
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jan 07 10:05:00 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1H3Txb-00040l-FG
	for ged-emacs-devel@m.gmane.org; Sun, 07 Jan 2007 10:04:59 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1H3Txa-0007y7-Uc
	for ged-emacs-devel@m.gmane.org; Sun, 07 Jan 2007 04:04:59 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1H3TxK-0007wm-K5
	for emacs-devel@gnu.org; Sun, 07 Jan 2007 04:04:42 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1H3TxJ-0007vG-6U
	for emacs-devel@gnu.org; Sun, 07 Jan 2007 04:04:42 -0500
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1H3TxI-0007v6-Sr
	for emacs-devel@gnu.org; Sun, 07 Jan 2007 04:04:40 -0500
Original-Received: from [66.249.92.172] (helo=ug-out-1314.google.com)
	by monty-python.gnu.org with esmtp (Exim 4.52) id 1H3TxI-0001p7-9V
	for emacs-devel@gnu.org; Sun, 07 Jan 2007 04:04:40 -0500
Original-Received: by ug-out-1314.google.com with SMTP id j3so6707744ugf
	for <emacs-devel@gnu.org>; Sun, 07 Jan 2007 01:04:39 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
	h=received:to:cc:references:from:date:in-reply-to:message-id:user-agent:mime-version:content-type:x-sa-exim-connect-ip:x-sa-exim-mail-from:x-spam-checker-version:x-spam-level:x-spam-status:subject:x-sa-exim-version:x-sa-exim-scanned:sender;
	b=HzgdLLRWGH7pENOTX/qqrlapjMIUIxtcnBDy9Ne3o6ckRxqW6o8fJ2UI88DOQp4A2uYgbu2Fzc7jon1jrzivZlSntKmKZhNtHIczKl9iwcJTb+ho2EbYUPw/s1GL3ZkqeraPXEeWX67cEC8gvzIarUkqegC5q7vvsSro4IeseLM=
Original-Received: by 10.66.232.11 with SMTP id e11mr33128659ugh.1168160679203;
	Sun, 07 Jan 2007 01:04:39 -0800 (PST)
Original-Received: from chrislap.local ( [89.176.28.156])
	by mx.google.com with ESMTP id 32sm37660155ugf.2007.01.07.01.04.38;
	Sun, 07 Jan 2007 01:04:38 -0800 (PST)
Original-Received: from localhost ([127.0.0.1] helo=chrislap.local)
	by chrislap.local with esmtp (Exim 4.63)
	(envelope-from <dooglus@gmail.com>)
	id 1H3Tx7-0000K2-HO; Sun, 07 Jan 2007 10:04:31 +0100
Original-To: rms@gnu.org
In-Reply-To: <E1H3OzT-0001gy-8M@fencepost.gnu.org> (Richard Stallman's message
	of "Sat\, 06 Jan 2007 22\:46\:35 -0500")
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.92 (gnu/linux)
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: dooglus@gmail.com
X-SA-Exim-Version: 4.2.1 (built Sun, 03 Dec 2006 00:39:09 +0000)
X-SA-Exim-Scanned: Yes (on chrislap.local)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:64905
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/64905>

Richard Stallman <rms@gnu.org> replies:

> The reason I decided to detect images by their contents rather than
> by their file names is that it seems more correct as a way of
> recognizing them.

So if someone sends me a virus in image format disguised as Emacs Lisp
code, the correct thing to do is to install the virus, rather than
display it safely in Emacs Lisp mode?  Because that's what Emacs will
currently do.

I just checked what GNOME's file manager does if I rename an image to
"foo.txt" and then try to view it by double-clicking it.

A dialog box pops up saying:


  Cannot open foo.txt

  The filename "foo.txt" indicates that this file is of type "plain
  text document". The contents of the file indicate that the file is
  of type "JPEG image". If you open this file, the file might present
  a security risk to your system.

  Do not open the file unless you created the file yourself, or
  received the file from a trusted source. To open the file, rename
  the file to the correct extension for "JPEG image", then open the
  file normally. Alternatively, use the Open With menu to choose a
  specific application for the file.

                             [Cancel]


Notice that there isn't even an option for "open it anyway" - just
"cancel".  So the GNOME designers obviously think this is enough of a
problem to fix it.

I don't see the point of leaving this security hole in Emacs just
before a release.