
Re: C file recognized as image file

From: Stefan Monnier
Subject: Re: C file recognized as image file
Date: Sun, 14 Jan 2007 20:14:43 -0500
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.92 (gnu/linux)

>     There isn't much Emacs can do to protect against problems with
>     potentially buggy versions of the image libraries, though.  We
>     can make Emacs *prompt* the user when something looks ``odd'',
>     but how do we define ``odd''?

> Each image format has a standard.  If the format does not allow
> arbitrary programs, then it is straightforward (though perhaps
> substantial work) to validate an image completely.

The bug in the lib may be triggered by a valid file (typically: valid but
with some parameters much larger than expected).  There's no evidence that
our validation code wouldn't be itself vulnerable to various attacks
(although writing it in a strongly typed language like Lisp would eliminate
a whole bunch of potential security holes, compared to C, but note that
Elisp is not bug-free either).
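
The point about valid files with unexpectedly large parameters, as an added example that is not part of the original message or of Emacs: a PNG header check that separates conformance to the format from a local resource limit. The function names and the `MAX_PIXELS` value are assumptions chosen for illustration, and the sample headers are constructed.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Bit depths the PNG specification allows for each colour type.
ALLOWED_DEPTHS = {0: {1, 2, 4, 8, 16}, 2: {8, 16}, 3: {1, 2, 4, 8},
                  4: {8, 16}, 6: {8, 16}}
MAX_PIXELS = 64 * 1024 * 1024  # assumed local policy, not part of the format


def make_png_header(width, height, depth=8, colour=6):
    """Build a constructed signature + IHDR chunk with a correct CRC."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height, depth, colour, 0, 0, 0)
    return (PNG_SIGNATURE + struct.pack(">I", 13) + body
            + struct.pack(">I", zlib.crc32(body)))


def check_png_header(data, max_pixels=MAX_PIXELS):
    """Return (conforms_to_spec, within_policy) for a PNG signature + IHDR."""
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        return (False, False)
    length, ctype = struct.unpack(">I4s", data[8:16])
    if length != 13 or ctype != b"IHDR":
        return (False, False)
    body = data[12:29]                       # chunk type + 13 data bytes
    (crc,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(body) != crc:
        return (False, False)
    width, height, depth, colour, comp, filt, interlace = struct.unpack(
        ">IIBBBBB", data[16:29])
    conforms = (1 <= width <= 2**31 - 1 and 1 <= height <= 2**31 - 1
                and depth in ALLOWED_DEPTHS.get(colour, ())
                and comp == 0 and filt == 0 and interlace in (0, 1))
    # Python integers do not overflow, so width * height is exact here;
    # the same product in fixed-width C arithmetic can wrap.
    within_policy = conforms and width * height <= max_pixels
    return (conforms, within_policy)


if __name__ == "__main__":
    for w, h in [(640, 480), (2**31 - 1, 2**31 - 1)]:
        print(w, h, check_png_header(make_png_header(w, h)))
```

The second header passes every format rule yet describes far more pixels than any decoder should allocate, so the limit has to come from policy rather than from the standard.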

