From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Reiner Steib Newsgroups: gmane.emacs.devel Subject: Re: C file recoginzed as image file Date: Mon, 08 Jan 2007 15:05:11 +0100 Message-ID: References: Reply-To: Reiner Steib NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1168265148 26570 80.91.229.12 (8 Jan 2007 14:05:48 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Mon, 8 Jan 2007 14:05:48 +0000 (UTC) Cc: Chris Moore , c.a.rendle@gmail.com, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jan 08 15:05:45 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1H3v83-000590-6z for ged-emacs-devel@m.gmane.org; Mon, 08 Jan 2007 15:05:35 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3v82-0002Fx-MD for ged-emacs-devel@m.gmane.org; Mon, 08 Jan 2007 09:05:34 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1H3v7p-0002FY-Ev for emacs-devel@gnu.org; Mon, 08 Jan 2007 09:05:21 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1H3v7n-0002Ew-7a for emacs-devel@gnu.org; Mon, 08 Jan 2007 09:05:20 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1H3v7n-0002Et-1l for emacs-devel@gnu.org; Mon, 08 Jan 2007 09:05:19 -0500 Original-Received: from [134.60.1.1] (helo=mail.uni-ulm.de) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1H3v7j-0005cB-9b; Mon, 08 Jan 2007 09:05:15 -0500 Original-Received: from bridgekeeper.physik.uni-ulm.de (bridgekeeper.physik.uni-ulm.de [134.60.10.123]) by mail.uni-ulm.de (8.13.8/8.13.8) with ESMTP id l08E5CHd025874; Mon, 8 Jan 2007 15:05:12 +0100 (MET) Original-Received: from viandante.physik.uni-ulm.de (bridgekeeper.physik.uni-ulm.de [134.60.10.123]) by bridgekeeper.physik.uni-ulm.de (Postfix) with SMTP id B99D412529; Mon, 8 Jan 2007 15:05:11 +0100 (CET) Original-Received: (nullmailer pid 23556 invoked by uid 170); Mon, 08 Jan 2007 14:05:11 -0000 Original-To: Richard Stallman X-Face: 1; h7XMU[7l}$T@J.D}5z*w8Tg'}B5ArAWc8>2X~otB; kOjKs8X%|hTC#dG:%Vpx")x7S/`v :VXU#fZW$X$zdhEU.RfVQ@<-m9IuN{Hm"fW{,5]6kR'M*vEs+{5Cj!L(JTRzA$(},?5J=sm; %Od, Chris Moore , c.a.rendle@gmail.com, emacs-devel@gnu.org In-Reply-To: (Richard Stallman's message of "Mon\, 08 Jan 2007 00\:32\:55 -0500") User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.92 (gnu/linux) X-DCC-sonic.net-Metrics: gemini 1117; Body=4 Fuz1=4 Fuz2=4 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:64971 Archived-At: On Mon, Jan 08 2007, Richard Stallman wrote: > How significant this danger is in the Emacs context depends on a > number of things. I am not sure whether the danger is enough to > matter. But if it is, the only adequate protection is NEVER to > display such images as images by default. IIUC, Emacs relies on the image libraries in the same way as Emacs relies on zlib (or is gzip?) to (un)compress *.gz files. I recall vulnerabilities on both (e.g. zlib and libpng[1]) during the past years. If you consider image libs as dangerous in general, you may also think about all other libs linked to Emacs. > The solution you and others are proposing, to display the image as an > image only when the file name extension matches the image type, is > inadequate to avoid the problem. You might feel suspicion when you > see an extension such as .jpg, .gif, or .png, but lots of users, such > as me, would not. Checking the file type would not protect us. > If someone wanted to send us a JPG with a virus, he could call > the file something.jpg, and bypass this test. A user who has compiled Emacs _without_ JPEG support would not expect to see something.jpg displayed as an image even if the content is PNG, I think. And in case there's a vulnerability in libpng, he would not expect to be in danger when opening something.jpg. > If there is some sort of vulnerability in the tiff library, I will not > know about it. I do not hear about such things. For most GNU/Linux systems, the vulnerable image libraries will be replaced by fixed versions via (automatic) online updates soon. If there's a vulnerability in one of the image libraries it usually affects dozens or hundreds of programs (or packages). E.g. on my system, the image libraries used by Emacs (libpng, libjpeg, giflib, libXpm) are use by more than 200 other packages. As the image libs (at least libpng and libjpeg) are also used by most web browsers (such as Mozilla Firefox), such vulnerabilities need to be fixed very fast by the distributors (displaying images from untrusted sources in web browsers is much more common[2] that opening them in Emacs). Bye, Reiner. [1] ,----[ rpm -q --changelog zlib | less +/secur ] | * Wed Jul 20 2005 - meissner@... | - Upgraded to 1.2.3. Security fix is now in mainline. `---- ,----[ rpm -q --changelog libpng | less +/secur ] | * Mon Aug 16 2004 - nadvornik@... | - updated to 1.2.6: included security fixes `---- [2] "more common" in the sense of how many people use web browsers vs. people who open images in Emacs. -- ,,, (o o) ---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/