[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Image mode

From: Juanma Barranquero
Subject: Re: Image mode
Date: Tue, 6 Feb 2007 10:43:39 +0100

On 2/6/07, David Kastrup <address@hidden> wrote:

If there ever was a "policy" instead of just an implementation,

It was a policy by implementation :)

If the user _knows_ that Xlib is a current attack vector, she has the
option of using "emacs -nw".  In a similar vein, if she knows about a
jpeg library vulnerability, she might refrain from opening "xxx.jpg"
in Emacs.

For this discussion it doesn't make much sense IMO to talk about the
vulnerabilities the user knows about.

As long as file type and extension are compatible, I see no reason for
user feedback before treating the file as an image.

I'm not in favor of the warning, but I agree with Richard in that I
don't see any reason to treat files with valid image extensions (in
agreement or disagreement with its contents) different that images
with no recognizable extension. The way for a virus to enter a system
is profiting from the familiarity. Either you trust your images'
source, or you don't.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]