From: David Kastrup
Newsgroups: gmane.emacs.devel
Subject: Re: Image mode
Date: Tue, 06 Feb 2007 10:27:50 +0100
Message-ID: <86ps8nmy95.fsf@lola.quinscape.zz>
To: "Juanma Barranquero"
Cc: Chong Yidong, emacs-devel@gnu.org

"Juanma Barranquero" writes:

> On 2/6/07, David Kastrup wrote:
>
>> And I ask why a user would open a binary image file in Emacs (short
>> of using hexl-mode) if he did not intend to see it as an image?
>
> Let's not go in circles. My remark, that you quoted, was not about
> the user opening binary images as other than images, but whether we
> would warn the user or not that images could be dangerous.
>
> I don't like the warning; but for a while we were doing it, and it
> seems that with Chong's proposed answers, we won't now (although I'm
> not sure what's the status after Richard's latest comment). I was
> asking whether we had changed the policy.

If there ever was a "policy" instead of just an implementation, I don't think it was sensible. Image libraries are not inherently insecure (like, say, setuid shellscripts are).
We don't warn users before starting an X session even though there are sometimes vulnerabilities found in the Xlib library. The only safe way around those vulnerabilities is to compile Emacs without those libraries.

Short of that, there is some "reasonable expectation" of what will and what will not happen. If the user _knows_ that Xlib is a current attack vector, she has the option of using "emacs -nw". In a similar vein, if she knows about a jpeg library vulnerability, she might refrain from opening "xxx.jpg" in Emacs.

Our current scheme is not completely usable for the sake of manual corruption prevention since it is possible to name a JPEG file "xxx.png", and a user knowing about a JPEG vulnerability would open it unsuspectingly. On the other hand, there are cases of thumbnail files with the same file name (including extension) as their source image, but a different file format.

The "minimized amount of surprise" would ask if the auto detection arrives at a different image format (not just at a different is-an-image-p) than the extension. As long as file type and extension are compatible, I see no reason for user feedback before treating the file as an image.

-- 
David Kastrup
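
The check proposed in the message above, sketched as an added example that is not part of the original message and is not Emacs code: the format is sniffed from the leading bytes and compared with the format the extension claims, and confirmation is requested only when the two disagree. The function names, the signature table and the handling of files without an image extension are assumptions made for this illustration.

```python
import os

# Well-known leading signatures for three common formats.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]

# Format that each file extension claims (hypothetical table for this example).
EXTENSIONS = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif"}


def sniff_format(header: bytes):
    """Return the image format implied by the leading bytes, or None."""
    for magic, fmt in MAGIC:
        if header.startswith(magic):
            return fmt
    return None


def extension_format(filename: str):
    """Return the image format the extension claims, or None."""
    return EXTENSIONS.get(os.path.splitext(filename)[1].lower())


def open_policy(filename: str, header: bytes):
    """Decide how to treat a file: returns (action, detected, claimed).

    "image"   - content and extension agree; decode without asking.
    "confirm" - content is an image, but not the format the name claims
                (assumption: this also covers a name with no image extension).
    "text"    - no image signature; no image library gets involved.
    """
    detected = sniff_format(header)
    claimed = extension_format(filename)
    if detected is None:
        return ("text", detected, claimed)
    if detected == claimed:
        return ("image", detected, claimed)
    return ("confirm", detected, claimed)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real files.
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    png = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
    for name, data in [("xxx.png", jpeg), ("photo.jpg", jpeg),
                       ("thumb.jpg", png), ("notes.txt", b"plain text")]:
        print(name, open_policy(name, data))
```

The "xxx.png" case is the one the message worries about: the decision names the detected format, so a user avoiding a particular decoder sees which library would actually be invoked.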