From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stephen Leake <stephen_leake@member.fsf.org>
Newsgroups: gmane.emacs.devel
Subject: Re: C file recoginzed as image file
Date: Tue, 09 Jan 2007 08:07:11 -0500
Message-ID: <uslekfiww.fsf@member.fsf.org>
References: <loom.20070105T152213-693@post.gmane.org>
	<m23b6pzg3g.fsf@gmail.com> <m2y7ohy0s1.fsf@gmail.com>
	<f7ccd24b0701051102n4866b1cbi35465c3a22291ba4@mail.gmail.com>
	<jwvlkkgyhcv.fsf-monnier+emacs@gnu.org>
	<E1H3OzT-0001gy-8M@fencepost.gnu.org> <m28xgfmcma.fsf@gmail.com>
	<E1H3n8b-00045X-G1@fencepost.gnu.org> <m27ivxej74.fsf@gmail.com>
	<E1H44QT-0007FM-MP@fencepost.gnu.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1168348293 30286 80.91.229.12 (9 Jan 2007 13:11:33 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Tue, 9 Jan 2007 13:11:33 +0000 (UTC)
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Jan 09 14:11:30 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1H4Gl3-0006gR-9s
	for ged-emacs-devel@m.gmane.org; Tue, 09 Jan 2007 14:11:17 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1H4Gl2-0002bY-Qj
	for ged-emacs-devel@m.gmane.org; Tue, 09 Jan 2007 08:11:16 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1H4GhN-0008ES-3X
	for emacs-devel@gnu.org; Tue, 09 Jan 2007 08:07:29 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1H4GhL-0008DE-Js
	for emacs-devel@gnu.org; Tue, 09 Jan 2007 08:07:28 -0500
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1H4GhK-0008Cc-IU
	for emacs-devel@gnu.org; Tue, 09 Jan 2007 08:07:27 -0500
Original-Received: from [207.172.157.102] (helo=smtp02.lnh.mail.rcn.net)
	by monty-python.gnu.org with esmtp (Exim 4.52) id 1H4GhK-0003bu-5O
	for emacs-devel@gnu.org; Tue, 09 Jan 2007 08:07:26 -0500
Original-Received: from mr02.lnh.mail.rcn.net ([207.172.157.22])
	by smtp02.lnh.mail.rcn.net with ESMTP; 09 Jan 2007 08:07:28 -0500
Original-Received: from smtp01.lnh.mail.rcn.net (smtp01.lnh.mail.rcn.net [207.172.4.11])
	by mr02.lnh.mail.rcn.net (MOS 3.7.5a-GA) with ESMTP id MTG64243;
	Tue, 9 Jan 2007 08:07:24 -0500 (EST)
Original-Received: from 208-59-165-113.c3-0.slvr-ubr1.lnh-slvr.md.cable.rcn.com (HELO
	ACS1100007992) ([208.59.165.113])
	by smtp01.lnh.mail.rcn.net with ESMTP; 09 Jan 2007 08:07:22 -0500
Original-To: emacs-devel@gnu.org
In-Reply-To: <E1H44QT-0007FM-MP@fencepost.gnu.org> (Richard Stallman's
	message of "Mon, 08 Jan 2007 19:01:13 -0500")
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (windows-nt)
X-Junkmail-Status: score=10/50, host=mr02.lnh.mail.rcn.net
X-Junkmail-SD-Raw: score=unknown,
	refid=str=0001.0A090201.45A391C4.00B5,ss=1,fgs=0,
	ip=207.172.4.11, so=2006-05-09 23:27:51,
	dmn=5.2.125/2006-10-10
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:65061
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/65061>

Richard Stallman <rms@gnu.org> writes:

> In nearly all cases, the result of displaying an image file is an
> image on your screen.

True.

> Your conclusion is based on two assumptions: that (1) there is a bug
> in a library and (2) the image file has a virus specifically designed
> to take advantage of this bug and cause trouble in Emacs.

True.

> Assumption 1 may be true occasionally, but it will be false nearly
> all the time.

"occasionally" here does not refer to the number of images viewed, but
the number of libraries used. There are only a few of those (maybe
10?). So if one of them has a bug, that's 10%.

> Assumption 2 is not impossible, but we don't know that anyone will
> actually do it.

Yes, we do; there are examples of real viruses that do exactly that.

Hmm. Not including the "cause trouble in Emacs" part; just causing
trouble on the computer is the intent of the virus. Emacs is just the
user interface to the image library in this case.

The point people have been making is that these real viruses use a
file extension that is _not_ an image file extension, in an attempt to
fool the reader into getting infected.

You are correct that using the file extension alone to determine
whether the file is an image is not fool-proof.

But a heuristic that says:

"if the file extension does not match the contents, it is more likely
that this is a virus attack"

is useful. That is what is being proposed here.

-- 
-- Stephe