[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: C file recoginzed as image file

From: Chris Moore
Subject: Re: C file recoginzed as image file
Date: Tue, 09 Jan 2007 02:08:40 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.92 (gnu/linux)

Richard Stallman <address@hidden> writes:

> Your conclusion is based on two assumptions: that (1) there is a bug
> in a library and (2) the image file has a virus specifically designed
> to take advantage of this bug and cause trouble in Emacs.
> Assumption 1 may be true occasionally, but it will be false nearly
> all the time.

While it may be true that there are no publicly disclosed bugs in
image libraries most of the time, I would question how likely it is
that there are no undisclosed bugs in image libraries at any given
point in time.  It's quite possible that there's an exploitable bug in
one of the image libraries which Emacs uses which has been there since
the library was first created.

> Assumption 2 is not impossible, but we don't know that anyone will
> actually do it.

It's not necessary for the virus to be specific to Emacs.  The bug can
potentially be exploitable not matter which application the library is
linked to.

> Please don't assume that the unlikely case is the only case.

I don't think it is particularly unlikely that it is possible to
construct an image file which will caused Emacs to execute malicious
code when the image is displayed.  Most, and probably all images on
any given user's system are safe to display in Emacs, but shouldn't we
guard against the time that they open that one specially crafted image
which infects their system?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]