[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: C file recoginzed as image file

From: Stuart D. Herring
Subject: Re: C file recoginzed as image file
Date: Mon, 8 Jan 2007 10:12:00 -0800 (PST)
User-agent: SquirrelMail/1.4.8-2.el3.7lanl

>> IIUC, Emacs relies on the image libraries in the same way as Emacs
>> relies on zlib (or is gzip?) to (un)compress *.gz files.
> Emacs does not use zlib for (un)compressing, it calls gzip as an external
> program.  A bug in gzip cannot affect Emacs beyond getting a stream of
> garbage bytes from it.

A bug in gzip, invoked automatically on untrusted data by Emacs, could
very easily affect Emacs by becoming the pawn of a remote program and then
A) sending Emacs SIGKILL or B) deleting the user's .emacs file or C) (in
an appropriate privilege environment) destroying the filesystem on which
emacs is stored.  A is obviously an overly literal effect, and precisely B
happening is unlikely, but the threat of scenarios like B and C is present
whether it is Emacs' memory space (via a library linked into it statically
or dynamically) in which the attack occurs or it is merely due to Emacs
that the attack can occur so automatically.


This product is sold by volume, not by mass.  If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during

reply via email to

[Prev in Thread] Current Thread [Next in Thread]