From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Chris Moore Newsgroups: gmane.emacs.devel Subject: Re: C file recoginzed as image file Date: Sat, 06 Jan 2007 13:48:20 +0100 Message-ID: References: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1168087729 2172 80.91.229.12 (6 Jan 2007 12:48:49 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sat, 6 Jan 2007 12:48:49 +0000 (UTC) Cc: c.a.rendle@gmail.com, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Jan 06 13:48:49 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1H3Ayc-0002ho-8S for ged-emacs-devel@m.gmane.org; Sat, 06 Jan 2007 13:48:46 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3Ayb-0003ZK-R5 for ged-emacs-devel@m.gmane.org; Sat, 06 Jan 2007 07:48:45 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1H3AyR-0003ZA-1C for emacs-devel@gnu.org; Sat, 06 Jan 2007 07:48:35 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1H3AyP-0003Yn-9j for emacs-devel@gnu.org; Sat, 06 Jan 2007 07:48:34 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3AyP-0003Yj-5l for emacs-devel@gnu.org; Sat, 06 Jan 2007 07:48:33 -0500 Original-Received: from [66.249.92.170] (helo=ug-out-1314.google.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1H3AyO-0000cY-KR for emacs-devel@gnu.org; Sat, 06 Jan 2007 07:48:32 -0500 Original-Received: by ug-out-1314.google.com with SMTP id j3so6606948ugf for ; Sat, 06 Jan 2007 04:48:31 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:to:cc:references:from:date:in-reply-to:message-id:user-agent:mime-version:content-type:x-sa-exim-connect-ip:x-sa-exim-mail-from:x-spam-checker-version:x-spam-level:x-spam-status:subject:x-sa-exim-version:x-sa-exim-scanned:sender; b=IwKZ/KulRo3VfjGgLNw0Sb9in9h0b1wHyJlzJb4ef6/lrpieDo5dZrMqX7VAEsIGeF64GGfk5/jeZnnXI34oNt0Vtlh4gnXCBABkrHBQN4aTXeUm3QacVoyhp+sfQ1WdpKFl5gAzMBynrunA4lUyf2HPxPfvStMgnC0C7DqTkuE= Original-Received: by 10.66.216.1 with SMTP id o1mr31164430ugg.1168087711355; Sat, 06 Jan 2007 04:48:31 -0800 (PST) Original-Received: from chrislap.local ( [89.176.28.156]) by mx.google.com with ESMTP id s1sm30740262uge.2007.01.06.04.48.29; Sat, 06 Jan 2007 04:48:29 -0800 (PST) Original-Received: from localhost ([127.0.0.1] helo=chrislap.local) by chrislap.local with esmtp (Exim 4.63) (envelope-from ) id 1H3AyD-0001O0-3Y; Sat, 06 Jan 2007 13:48:23 +0100 Original-To: rms@gnu.org In-Reply-To: (Richard Stallman's message of "Fri\, 05 Jan 2007 21\:55\:10 -0500") User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.92 (gnu/linux) X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: dooglus@gmail.com X-SA-Exim-Version: 4.2.1 (built Sun, 03 Dec 2006 00:39:09 +0000) X-SA-Exim-Scanned: Yes (on chrislap.local) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:64878 Archived-At: Richard Stallman writes: > I don't want this situation to be possible in Emacs: > > I receive a file foo.c in an email, save it to disk and open it in > Emacs, knowing that the .c type is opened in cc-mode which is safe. > To my horror, the file actually contains an evil .jpg file which > causes a buffer overflow in the jpg library; when it's displayed it > infects my machine with a virus. > > Compare that with this scenario: > > You receive a file foo.jpg in an email, you save it to disk > and open it in Emacs, figuring that a jpg file ought to be safe. > To your horror, the file actually contains an evil .jpg file which > causes a buffer overflow in the jpg library; when it's displayed it > infects your machine with a virus. > > Assuming there is such a bug in the jpg library, the latter scenario > seems much more likely than the former. That's a big assumption to make. There have been many exploitable bugs in image libraries in recent years. Because of this, I wouldn't figure that a jpg file is safe to open, whereas I would figure that a C source file is safe to open. > Besides which, a jpg file starts with characters that don't make any > sense at the start of a C file. So if it looks like a plausible C > file, it won't be treated as a jpeg. If it looks like a plausible C file to who? In the case I described all I've seen so far is the file's name so as far as I know it is a C source file. I try to examine the contents using Emacs, and it is displayed as an image.