[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: C file recoginzed as image file
From: |
Chris Moore |
Subject: |
Re: C file recoginzed as image file |
Date: |
Sat, 06 Jan 2007 13:48:20 +0100 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.92 (gnu/linux) |
Richard Stallman <address@hidden> writes:
> I don't want this situation to be possible in Emacs:
>
> I receive a file foo.c in an email, save it to disk and open it in
> Emacs, knowing that the .c type is opened in cc-mode which is safe.
> To my horror, the file actually contains an evil .jpg file which
> causes a buffer overflow in the jpg library; when it's displayed it
> infects my machine with a virus.
>
> Compare that with this scenario:
>
> You receive a file foo.jpg in an email, you save it to disk
> and open it in Emacs, figuring that a jpg file ought to be safe.
> To your horror, the file actually contains an evil .jpg file which
> causes a buffer overflow in the jpg library; when it's displayed it
> infects your machine with a virus.
>
> Assuming there is such a bug in the jpg library, the latter scenario
> seems much more likely than the former.
That's a big assumption to make. There have been many exploitable
bugs in image libraries in recent years. Because of this, I wouldn't
figure that a jpg file is safe to open, whereas I would figure that a
C source file is safe to open.
> Besides which, a jpg file starts with characters that don't make any
> sense at the start of a C file. So if it looks like a plausible C
> file, it won't be treated as a jpeg.
If it looks like a plausible C file to who? In the case I described
all I've seen so far is the file's name so as far as I know it is a C
source file. I try to examine the contents using Emacs, and it is
displayed as an image.
- Re: C file recoginzed as image file, (continued)
- Re: C file recoginzed as image file, Chris Moore, 2007/01/09
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/09
- Re: C file recoginzed as image file, Stephen Leake, 2007/01/09
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Lennart Borgman (gmail), 2007/01/07
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/05
- Re: C file recoginzed as image file, Stefan Monnier, 2007/01/05
- Re: C file recoginzed as image file,
Chris Moore <=
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/06
- Re: C file recoginzed as image file, Chris Moore, 2007/01/07
- Re: C file recoginzed as image file, Lennart Borgman (gmail), 2007/01/07
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Reiner Steib, 2007/01/08
- Re: C file recoginzed as image file, Andreas Schwab, 2007/01/08
- Re: C file recoginzed as image file, Stuart D. Herring, 2007/01/08
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Giorgos Keramidas, 2007/01/13
- Re: C file recoginzed as image file, Sascha Wilde, 2007/01/14