Re: Image mode

From: Juanma Barranquero
Subject: Re: Image mode
Date: Tue, 6 Feb 2007 12:42:04 +0100

On 2/6/07, David Kastrup <address@hidden> wrote:

> But it cannot be the business of Emacs to decide about the
> trustworthiness of a source.


> And it also
> is the choice of the user whether he trusts a particular image library
> for opening a particular file from a particular source.  The user
> can't do this job if he is mistaken about the libraries that will
> likely get used.

Yours is a very sophisticated user. Mine is not. I don't expect him,
for example, to know that opening a TIFF could expose him to a JPEG or
ZLib vulnerability.

> Anyway, I say you are wrong: lots of attacks are done by having people
> click on links and/or let them open file types that look like they are
> something different.

And a lot of others by people trusting executables, images, etc.
downloaded from emule, that are exactly what the user expected, sans
the surprise.

> yours revolve about the user being incapable to do it, and
> letting Emacs do a job that can't be done by it.

In fact, if anything I'm arguing against security warnings; my point
is that we cannot reliably protect the user. Believing that a match
between contents and file extension should somehow be more trusted is
false security.


