From: David Kastrup
Newsgroups: gmane.emacs.devel
Subject: Re: Possible problem with Gnus
Date: 11 May 2004 14:40:09 +0200
References: <20040509230720.GB20485@fencepost>
Cc: Reiner Steib, emacs-devel@gnu.org
Original-To: rms@gnu.org
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50

Richard Stallman writes:

> We have to pay attention to an issue of how Gnus and other Emacs mail
> readers treat MIME attachments.
>
> Windows viruses often spread in attachments for Word. We have to make
> sure that attachments don't become a method for spreading viruses in
> Emacs. Some kinds of attachments run applications that perhaps can be
> assumed safe, such as a gif displayer. But attachments that run more
> complex attachments, such as a browser that might execute programs
> given it, have to be treated as unsafe.
>
> I don't use Gnus. How does a Gnus user specify to display an
> attachment? Does the user do this for one specific attachment,
> or for all the attachments in one message? Does Gnus ever display
> attachments in a message without a specific direct user request
> for that message?

No, and you have to explicitly ask for display/extraction of each
attachment separately. The only exception AFAICS are inline image
attachments not exceeding a specific size, and text mode stuff like
rich text.

I don't see any application for an exploit here. The worst that can
happen is that an invalid image manages to overflow a decoding buffer
in case that there is a bug in the library.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum
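
The display policy described in the reply above, sketched as an added Python example (not Gnus code and not part of the original message): text parts and small, well-formed inline images render unasked, everything else waits for an explicit request. The 64 KiB cap, the text subtype set and the magic-byte check are assumptions; the post names none of them.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_INLINE_IMAGE_BYTES = 64 * 1024   # assumed cap; the post only says "a specific size"
INLINE_TEXT_SUBTYPES = {"plain", "enriched", "richtext"}   # assumed "text mode" set
IMAGE_MAGIC = {                      # leading bytes an image decoder would expect
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}

def classify(part):
    """'inline' = may render unasked; 'on-request' = needs an explicit user action."""
    if part.get_content_disposition() == "attachment":
        return "on-request"
    maintype, subtype = part.get_content_maintype(), part.get_content_subtype()
    if maintype == "text" and subtype in INLINE_TEXT_SUBTYPES:
        return "inline"
    if maintype == "image" and subtype in IMAGE_MAGIC:
        data = part.get_payload(decode=True) or b""
        # Size cap plus a header sanity check before any image library sees the bytes.
        if len(data) <= MAX_INLINE_IMAGE_BYTES and data.startswith(IMAGE_MAGIC[subtype]):
            return "inline"
    return "on-request"   # default deny: HTML, documents, unknown types

def plan(raw):
    """Return (content type, filename, decision) for every leaf part of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(p.get_content_type(), p.get_filename(), classify(p))
            for p in msg.walk() if not p.is_multipart()]

def build_sample():
    """Constructed test message; every part and filename here is made up."""
    gif = b"GIF89a" + b"\x00" * 32
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(gif, maintype="image", subtype="gif",
                       filename="small.gif", disposition="inline")
    msg.add_attachment(gif + b"\x00" * MAX_INLINE_IMAGE_BYTES, maintype="image",
                       subtype="gif", filename="big.gif", disposition="inline")
    msg.add_attachment(b"\x00\x01not-a-gif", maintype="image", subtype="gif",
                       filename="fake.gif", disposition="inline")
    msg.add_attachment("<html><body>hi</body></html>", subtype="html",
                       filename="page.html", disposition="inline")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="doc.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for row in plan(build_sample()):
        print(row)
```

The magic-byte check only keeps mislabelled data away from the decoder; it does not protect against a decoder bug triggered by a file with a valid header, which is the residual risk the reply names.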