From: Chris Moore <dooglus@gmail.com>
Cc: lekktu@gmail.com, emacs-devel@gnu.org, monnier@iro.umontreal.ca,
c.a.rendle@gmail.com
Subject: Re: C file recoginzed as image file
Date: Tue, 09 Jan 2007 02:08:40 +0100 [thread overview]
Message-ID: <m2tzz19fc7.fsf@gmail.com> (raw)
In-Reply-To: <E1H44QT-0007FM-MP@fencepost.gnu.org> (Richard Stallman's message of "Mon\, 08 Jan 2007 19\:01\:13 -0500")
Richard Stallman <rms@gnu.org> writes:
> Your conclusion is based on two assumptions: that (1) there is a bug
> in a library and (2) the image file has a virus specifically designed
> to take advantage of this bug and cause trouble in Emacs.
>
> Assumption 1 may be true occasionally, but it will be false nearly
> all the time.
While it may be true that there are no publicly disclosed bugs in
image libraries most of the time, I would question how likely it is
that there are no undisclosed bugs in image libraries at any given
point in time. It's quite possible that there's an exploitable bug in
one of the image libraries which Emacs uses which has been there since
the library was first created.
> Assumption 2 is not impossible, but we don't know that anyone will
> actually do it.
It's not necessary for the virus to be specific to Emacs. The bug can
potentially be exploitable not matter which application the library is
linked to.
> Please don't assume that the unlikely case is the only case.
I don't think it is particularly unlikely that it is possible to
construct an image file which will caused Emacs to execute malicious
code when the image is displayed. Most, and probably all images on
any given user's system are safe to display in Emacs, but shouldn't we
guard against the time that they open that one specially crafted image
which infects their system?
next prev parent reply other threads:[~2007-01-09 1:08 UTC|newest]
Thread overview: 150+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-05 14:27 C file recoginzed as image file Charles Rendleman
2007-01-05 14:46 ` Chris Moore
2007-01-05 14:52 ` Lennart Borgman (gmail)
2007-01-05 15:02 ` Chris Moore
2007-01-05 19:02 ` Juanma Barranquero
2007-01-05 22:23 ` Chris Moore
2007-01-05 22:44 ` Juanma Barranquero
2007-01-05 22:47 ` Juanma Barranquero
2007-01-05 23:01 ` Chris Moore
2007-01-05 23:15 ` Juanma Barranquero
2007-01-06 18:07 ` Richard Stallman
2007-01-06 18:49 ` Chris Moore
2007-01-06 0:12 ` Jason Rumney
2007-01-06 18:07 ` Richard Stallman
2007-01-07 19:20 ` Juanma Barranquero
2007-01-08 5:33 ` Richard Stallman
2007-01-06 2:55 ` Richard Stallman
2007-01-06 10:52 ` Juanma Barranquero
2007-01-06 3:20 ` Stefan Monnier
2007-01-06 10:58 ` Juanma Barranquero
2007-01-07 16:50 ` Mathias Dahl
2007-01-07 3:46 ` Richard Stallman
2007-01-07 5:36 ` Stefan Monnier
2007-01-08 5:32 ` Richard Stallman
2007-01-08 15:09 ` Stefan Monnier
2007-01-08 15:25 ` Kim F. Storm
2007-01-08 17:32 ` Lennart Borgman (gmail)
2007-01-08 19:54 ` Eli Zaretskii
2007-01-09 11:12 ` Jan Nieuwenhuizen
2007-01-09 11:44 ` Chong Yidong
2007-01-09 11:57 ` Jan Nieuwenhuizen
2007-01-09 12:40 ` David Kastrup
2007-01-09 13:03 ` martin rudalics
2007-01-09 12:57 ` Chong Yidong
2007-01-09 16:01 ` Stuart D. Herring
2007-01-09 13:11 ` Stephen Leake
2007-01-15 6:06 ` Giorgos Keramidas
2007-01-09 21:49 ` Eli Zaretskii
2007-01-09 22:20 ` Alan Mackenzie
2007-01-08 19:48 ` Eli Zaretskii
2007-01-08 22:34 ` Stefan Monnier
2007-01-08 23:26 ` Lennart Borgman (gmail)
2007-01-09 4:08 ` Richard Stallman
2007-01-09 9:48 ` Lennart Borgman (gmail)
2007-01-09 11:06 ` Jason Rumney
2007-01-09 12:01 ` Lennart Borgman (gmail)
2007-01-09 12:16 ` Jason Rumney
2007-01-09 12:23 ` Lennart Borgman (gmail)
2007-01-10 1:04 ` Richard Stallman
2007-01-10 9:05 ` Jason Rumney
2007-01-10 9:38 ` Lennart Borgman (gmail)
2007-01-10 23:06 ` Richard Stallman
2007-01-09 21:54 ` Eli Zaretskii
2007-01-09 21:55 ` Lennart Borgman (gmail)
2007-01-09 23:56 ` Chris Moore
2007-01-10 0:21 ` Lennart Borgman (gmail)
2007-01-10 15:11 ` Chris Moore
2007-01-10 15:17 ` Lennart Borgman (gmail)
2007-01-09 21:08 ` Richard Stallman
2007-01-09 21:40 ` Lennart Borgman (gmail)
2007-01-08 17:09 ` Stephen J. Turnbull
2007-01-08 20:26 ` Juanma Barranquero
2007-01-08 20:39 ` David Kastrup
2007-01-08 20:48 ` Juanma Barranquero
2007-01-08 20:52 ` David Kastrup
2007-01-08 21:03 ` Juanma Barranquero
2007-01-09 7:57 ` David Kastrup
2007-01-09 9:08 ` Juanma Barranquero
2007-01-09 18:50 ` Chris Moore
2007-01-09 19:47 ` Juanma Barranquero
2007-01-09 22:38 ` Stefan Monnier
2007-01-09 23:19 ` Juanma Barranquero
2007-01-10 1:12 ` Stefan Monnier
2007-01-10 1:37 ` Stephen Leake
2007-01-08 22:42 ` Juanma Barranquero
2007-01-08 23:27 ` Stefan Monnier
2007-01-08 23:39 ` Juanma Barranquero
2007-01-09 2:07 ` Stefan Monnier
2007-01-08 23:32 ` Stefan Monnier
2007-01-08 23:43 ` Juanma Barranquero
2007-01-09 0:11 ` Stuart D. Herring
2007-01-09 0:19 ` Juanma Barranquero
2007-01-09 13:16 ` Stephen Leake
2007-01-09 17:57 ` Richard Stallman
2007-01-09 19:59 ` Lennart Borgman (gmail)
2007-01-10 1:04 ` Richard Stallman
2007-01-07 9:04 ` Chris Moore
2007-01-08 5:33 ` Richard Stallman
2007-01-08 13:34 ` Chris Moore
2007-01-08 18:20 ` David Kastrup
2007-01-08 21:02 ` Chris Moore
2007-01-08 21:14 ` Chris Moore
2007-01-09 0:01 ` Richard Stallman
2007-01-09 1:08 ` Chris Moore [this message]
2007-01-09 17:57 ` Richard Stallman
2007-01-09 23:24 ` Chris Moore
2007-01-09 23:39 ` Lennart Borgman (gmail)
2007-01-10 1:00 ` Chris Moore
2007-01-10 1:05 ` Lennart Borgman (gmail)
2007-01-09 4:40 ` Stephen J. Turnbull
2007-01-09 21:07 ` Richard Stallman
2007-01-10 4:23 ` Stephen J. Turnbull
2007-01-10 23:05 ` Richard Stallman
2007-01-09 13:07 ` Stephen Leake
2007-01-09 13:25 ` Juanma Barranquero
2007-01-09 13:57 ` Vinicius Jose Latorre
2007-01-09 23:37 ` Juanma Barranquero
2007-01-15 6:10 ` Giorgos Keramidas
2007-01-09 22:58 ` Chris Moore
2007-01-09 23:31 ` Juanma Barranquero
2007-01-10 1:31 ` Stephen Leake
2007-01-08 5:33 ` Richard Stallman
2007-01-07 10:05 ` Lennart Borgman (gmail)
2007-01-06 2:55 ` Richard Stallman
2007-01-06 3:16 ` Stefan Monnier
2007-01-06 12:48 ` Chris Moore
2007-01-07 3:47 ` Richard Stallman
2007-01-07 9:21 ` Chris Moore
2007-01-07 9:58 ` Lennart Borgman (gmail)
2007-01-08 5:32 ` Richard Stallman
2007-01-08 14:05 ` Reiner Steib
2007-01-08 14:16 ` Andreas Schwab
2007-01-08 18:12 ` Stuart D. Herring
2007-01-09 0:01 ` Richard Stallman
2007-01-14 2:52 ` Giorgos Keramidas
2007-01-14 18:55 ` Sascha Wilde
2007-01-15 14:58 ` Richard Stallman
2007-01-15 15:14 ` Jason Rumney
2007-01-19 16:14 ` Juanma Barranquero
2007-01-19 16:33 ` Jason Rumney
2007-01-19 17:10 ` Juanma Barranquero
2007-01-20 2:10 ` Richard Stallman
2007-01-20 23:38 ` Juanma Barranquero
2007-01-21 22:27 ` Richard Stallman
2007-01-21 22:36 ` Jason Rumney
2007-01-21 22:47 ` Juanma Barranquero
2007-01-22 9:04 ` Richard Stallman
2007-01-14 23:23 ` Richard Stallman
2007-01-15 1:14 ` Stefan Monnier
2007-01-15 5:59 ` Giorgos Keramidas
2007-01-15 23:27 ` Richard Stallman
2007-01-07 11:49 ` Jason Rumney
2007-01-07 16:21 ` Stefan Monnier
2007-01-08 5:33 ` Richard Stallman
2007-01-06 2:55 ` Richard Stallman
2007-01-06 12:42 ` Chris Moore
2007-01-07 3:47 ` Richard Stallman
2007-01-07 9:28 ` Michaël Cadilhac
2007-01-08 5:32 ` Richard Stallman
2007-01-06 2:55 ` Richard Stallman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2tzz19fc7.fsf@gmail.com \
--to=dooglus@gmail.com \
--cc=c.a.rendle@gmail.com \
--cc=emacs-devel@gnu.org \
--cc=lekktu@gmail.com \
--cc=monnier@iro.umontreal.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.