[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: C file recoginzed as image file
From: |
Stefan Monnier |
Subject: |
Re: C file recoginzed as image file |
Date: |
Fri, 05 Jan 2007 22:16:30 -0500 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.91 (gnu/linux) |
> I receive a file foo.c in an email, save it to disk and open it in
> Emacs, knowing that the .c type is opened in cc-mode which is safe.
> To my horror, the file actually contains an evil .jpg file which
> causes a buffer overflow in the jpg library; when it's displayed it
> infects my machine with a virus.
> Compare that with this scenario:
> You receive a file foo.jpg in an email, you save it to disk
> and open it in Emacs, figuring that a jpg file ought to be safe.
> To your horror, the file actually contains an evil .jpg file which
> causes a buffer overflow in the jpg library; when it's displayed it
> infects your machine with a virus.
> Assuming there is such a bug in the jpg library, the latter scenario
> seems much more likely than the former.
No: there are known security holes in jpg libs, not in cc-mode.
So when I receive mail from an unknown source and it has a jpg file in it,
I'll think twice before opening the image. OTOH if it's a ".c" file, I'll
feel confident that it's perfectly safe to open it.
Such misleading file names have been used over and over again in
w32 viruses.
> Besides which, a jpg file starts with characters that don't make any
> sense at the start of a C file. So if it looks like a plausible C
> file, it won't be treated as a jpeg.
But that assumes you've already been able to see the content of the file.
Typically, this is not the case: you get an attachment called "foo.c" and
you ask Emacs to display it to see this (supposedly) C code.
Stefan
- Re: C file recoginzed as image file, (continued)
- Re: C file recoginzed as image file, Chris Moore, 2007/01/09
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/09
- Re: C file recoginzed as image file, Stephen Leake, 2007/01/09
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Lennart Borgman (gmail), 2007/01/07
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/05
- Re: C file recoginzed as image file,
Stefan Monnier <=
- Re: C file recoginzed as image file, Chris Moore, 2007/01/06
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/06
- Re: C file recoginzed as image file, Chris Moore, 2007/01/07
- Re: C file recoginzed as image file, Lennart Borgman (gmail), 2007/01/07
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Reiner Steib, 2007/01/08
- Re: C file recoginzed as image file, Andreas Schwab, 2007/01/08
- Re: C file recoginzed as image file, Stuart D. Herring, 2007/01/08
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Giorgos Keramidas, 2007/01/13