From: Richard Stallman
Newsgroups: gmane.emacs.devel
Subject: Re: C file recoginzed as image file
Date: Tue, 09 Jan 2007 12:57:18 -0500
Reply-To: rms@gnu.org
To: Chris Moore
Cc: lekktu@gmail.com, emacs-devel@gnu.org, monnier@iro.umontreal.ca, c.a.rendle@gmail.com
In-reply-to: (message from Chris Moore on Tue, 09 Jan 2007 02:08:40 +0100)

> Assumption 2 is not impossible, but we don't know that anyone will
> actually do it.

It's not necessary for the virus to be specific to Emacs. The bug can potentially be exploitable no matter which application the library is linked to.

There are two different possible ways to exploit such a bug:

1. Ways that operate directly on the file system, for which it makes no difference from which program the library is run.

2. Ways that would directly try to corrupt Emacs.

If the virus works in the former way, it could do the same harm if you display the image with qiv. Protecting Emacs would be like stuffing insulation in the crack under the door while the window is wide open. Such exploits have to be blocked, and avoided, in the libraries concerned.

For the second category, I see a couple of possibilities:

1. Validate the image data before calling the library (or better, in the library).

2. Have Emacs run the library in a separate program rather than in its own address space. This reduces the Emacs case to the qiv case.

Most, and probably all images on any given user's system are safe to display in Emacs, but shouldn't we guard against the time that they open that one specially crafted image which infects their system?

It is not clear to me what the answer to that question is. It is about the magnitude of X/Y where X and Y are both getting large.
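
The second possibility in the message above (running the library in a separate program) can be sketched as follows. This is an added example, not part of the original message and not Emacs code; `toy_decode` and `decode_isolated` are hypothetical names, and the `abort()` in the toy decoder stands in for a library crash on a crafted file.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

struct dims { uint32_t width, height; };

/* Hypothetical decoder (constructed stand-in for an image library):
   the header is "IMG" + width byte + height byte. */
static int toy_decode(const unsigned char *p, size_t n, struct dims *d)
{
    if (n < 5 || memcmp(p, "IMG", 3) != 0) return -1;
    if (p[3] == 0xff) abort();          /* models a memory-corruption crash */
    d->width = p[3]; d->height = p[4];
    return 0;
}

/* Returns 0 and fills *out on success, -1 if the child failed or crashed. */
int decode_isolated(const unsigned char *data, size_t len, struct dims *out)
{
    int fds[2], status;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                     /* child: only place the decoder runs */
        struct rlimit cpu = { 2, 2 }, core = { 0, 0 };
        struct dims d;
        close(fds[0]);
        setrlimit(RLIMIT_CPU, &cpu);    /* bound decoding time to 2 seconds */
        setrlimit(RLIMIT_CORE, &core);  /* no core dump from a crash */
        if (toy_decode(data, len, &d) != 0) _exit(1);
        _exit(write(fds[1], &d, sizeof d) == (ssize_t)sizeof d ? 0 : 1);
    }
    close(fds[1]);
    struct dims d;
    ssize_t got = read(fds[0], &d, sizeof d);
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid) return -1;
    /* Trust the result only if the child exited cleanly with a full record. */
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0 || got != (ssize_t)sizeof d)
        return -1;
    *out = d;
    return 0;
}
```

As the message notes, this only keeps a decoder fault out of the caller's address space; the child can still reach the file system unless it is confined further.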