[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: C file recoginzed as image file
From: |
Stuart D. Herring |
Subject: |
Re: C file recoginzed as image file |
Date: |
Mon, 8 Jan 2007 10:12:00 -0800 (PST) |
User-agent: |
SquirrelMail/1.4.8-2.el3.7lanl |
>> IIUC, Emacs relies on the image libraries in the same way as Emacs
>> relies on zlib (or is gzip?) to (un)compress *.gz files.
>
> Emacs does not use zlib for (un)compressing, it calls gzip as an external
> program. A bug in gzip cannot affect Emacs beyond getting a stream of
> garbage bytes from it.
A bug in gzip, invoked automatically on untrusted data by Emacs, could
very easily affect Emacs by becoming the pawn of a remote program and then
A) sending Emacs SIGKILL or B) deleting the user's .emacs file or C) (in
an appropriate privilege environment) destroying the filesystem on which
emacs is stored. A is obviously an overly literal effect, and precisely B
happening is unlikely, but the threat of scenarios like B and C is present
whether it is Emacs' memory space (via a library linked into it statically
or dynamically) in which the attack occurs or it is merely due to Emacs
that the attack can occur so automatically.
Davis
--
This product is sold by volume, not by mass. If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during
shipping.
- Re: C file recoginzed as image file, (continued)
- Re: C file recoginzed as image file, Lennart Borgman (gmail), 2007/01/07
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/05
- Re: C file recoginzed as image file, Stefan Monnier, 2007/01/05
- Re: C file recoginzed as image file, Chris Moore, 2007/01/06
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/06
- Re: C file recoginzed as image file, Chris Moore, 2007/01/07
- Re: C file recoginzed as image file, Lennart Borgman (gmail), 2007/01/07
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Reiner Steib, 2007/01/08
- Re: C file recoginzed as image file, Andreas Schwab, 2007/01/08
- Re: C file recoginzed as image file,
Stuart D. Herring <=
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
- Re: C file recoginzed as image file, Giorgos Keramidas, 2007/01/13
- Re: C file recoginzed as image file, Sascha Wilde, 2007/01/14
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/15
- Re: C file recoginzed as image file, Jason Rumney, 2007/01/15
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/19
- Re: C file recoginzed as image file, Jason Rumney, 2007/01/19
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/19
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/19
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/20