Re: C file recoginzed as image file

[Richard Stallman]

    > Assumption 2 is not impossible, but we don't know that anyone will
    > actually do it.

    It's not necessary for the virus to be specific to Emacs.  The bug can
    potentially be exploitable not matter which application the library is
    linked to.

There are two different possible ways to exploit such a bug:

1. Ways that operate directly on the file system, for which it
makes no difference from which program the library is run.

2. Ways that would directly try to corrupt Emacs.

If the virus works in the former way, it could do the same harm if you
display the image with qiv.  Protecting Emacs would be like stuffing
insulation in the crack under the door while the window is wide open.
Such exploits have to be blocked, and avoided, in the libraries
concerned.

For the second category, I see a couple of possibilities:

1. Validate the image data before calling the library (or better, in
the library).

2. Have Emacs run the library in a separate program rather than in
its own address space.  This reduces the Emacs case to the qiv case.

      Most, and probably all images on
    any given user's system are safe to display in Emacs, but shouldn't we
    guard against the time that they open that one specially crafted image
    which infects their system?

It is not clear to me what the answer to that question is.  It is
about the magnitude of X/Y where X and Y are both getting large.