From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Stuart D. Herring" Newsgroups: gmane.emacs.devel Subject: Re: C file recoginzed as image file Date: Mon, 8 Jan 2007 10:12:00 -0800 (PST) Message-ID: <40004.128.165.123.18.1168279920.squirrel@webmail.lanl.gov> References: Reply-To: herring@lanl.gov NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: sea.gmane.org 1168279949 4647 80.91.229.12 (8 Jan 2007 18:12:29 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Mon, 8 Jan 2007 18:12:29 +0000 (UTC) Cc: Chris Moore , emacs-devel@gnu.org, Richard Stallman , c.a.rendle@gmail.com Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jan 08 19:12:27 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1H3yyp-00057v-P1 for ged-emacs-devel@m.gmane.org; Mon, 08 Jan 2007 19:12:20 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3yyp-0000wX-6T for ged-emacs-devel@m.gmane.org; Mon, 08 Jan 2007 13:12:19 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1H3yyb-0000w6-MK for emacs-devel@gnu.org; Mon, 08 Jan 2007 13:12:05 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1H3yya-0000vR-Qh for emacs-devel@gnu.org; Mon, 08 Jan 2007 13:12:05 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3yya-0000vO-OU for emacs-devel@gnu.org; Mon, 08 Jan 2007 13:12:04 -0500 Original-Received: from [192.65.95.54] (helo=mailwasher-b.lanl.gov) by monty-python.gnu.org with esmtp (Exim 4.52) id 1H3yyY-00071c-Ud; Mon, 08 Jan 2007 13:12:03 -0500 Original-Received: from mailrelay1.lanl.gov (mailrelay1.lanl.gov [128.165.4.101]) by mailwasher-b.lanl.gov (8.13.8/8.13.8/(ccn-5)) with ESMTP id l08IC1mv027963; Mon, 8 Jan 2007 11:12:01 -0700 Original-Received: from webmail1.lanl.gov (webmail1.lanl.gov [128.165.4.106]) by mailrelay1.lanl.gov (8.13.8/8.13.8/(ccn-5)) with ESMTP id l08IC1nB001384; Mon, 8 Jan 2007 11:12:01 -0700 Original-Received: from webmail1.lanl.gov (localhost.localdomain [127.0.0.1]) by webmail1.lanl.gov (8.12.11.20060308/8.12.11) with ESMTP id l08IC0v6024100; Mon, 8 Jan 2007 11:12:00 -0700 Original-Received: (from apache@localhost) by webmail1.lanl.gov (8.12.11.20060308/8.12.11/Submit) id l08IC0vZ024098; Mon, 8 Jan 2007 10:12:00 -0800 X-Authentication-Warning: webmail1.lanl.gov: apache set sender to herring@lanl.gov using -f Original-Received: from 128.165.123.18 (SquirrelMail authenticated user 196434) by webmail.lanl.gov with HTTP; Mon, 8 Jan 2007 10:12:00 -0800 (PST) In-Reply-To: Original-To: "Andreas Schwab" User-Agent: SquirrelMail/1.4.8-2.el3.7lanl X-Priority: 3 (Normal) Importance: Normal X-PMX-Version: 4.7.1.128075 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:64991 Archived-At: >> IIUC, Emacs relies on the image libraries in the same way as Emacs >> relies on zlib (or is gzip?) to (un)compress *.gz files. > > Emacs does not use zlib for (un)compressing, it calls gzip as an external > program. A bug in gzip cannot affect Emacs beyond getting a stream of > garbage bytes from it. A bug in gzip, invoked automatically on untrusted data by Emacs, could very easily affect Emacs by becoming the pawn of a remote program and then A) sending Emacs SIGKILL or B) deleting the user's .emacs file or C) (in an appropriate privilege environment) destroying the filesystem on which emacs is stored. A is obviously an overly literal effect, and precisely B happening is unlikely, but the threat of scenarios like B and C is present whether it is Emacs' memory space (via a library linked into it statically or dynamically) in which the attack occurs or it is merely due to Emacs that the attack can occur so automatically. Davis -- This product is sold by volume, not by mass. If it appears too dense or too sparse, it is because mass-energy conversion has occurred during shipping.