[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: C file recoginzed as image file
From: |
Stefan Monnier |
Subject: |
Re: C file recoginzed as image file |
Date: |
Sun, 14 Jan 2007 20:14:43 -0500 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/22.0.92 (gnu/linux) |
> There isn't much Emacs can do to protect against problems with
> potentially buggy versions of the image libraries, though. We
> can make Emacs *prompt* the user when something looks ``odd'',
> but how do we define ``odd''?
> Each image format has a standard. If the format does not allow
> arbitrary programs, then it is straightforward (though perhaps
> substantial work) to validate an image completely.
The bug in the lib may be triggered by a valid file (typically: valid but
with some parameters much larger than expected). There's no evidence that
our validation code wouldn't be itself vulnerable to various attacks
(although writing it in a strongly typed language like Lisp would eliminate
a whole bunch of potential security holes, compared to C, but note that
Elisp is not bug-free either).
Stefan
- Re: C file recoginzed as image file, (continued)
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/19
- Re: C file recoginzed as image file, Jason Rumney, 2007/01/19
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/19
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/19
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/20
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/21
- Re: C file recoginzed as image file, Jason Rumney, 2007/01/21
- Re: C file recoginzed as image file, Juanma Barranquero, 2007/01/21
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/22
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/14
- Re: C file recoginzed as image file,
Stefan Monnier <=
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/15
- Re: C file recoginzed as image file, Giorgos Keramidas, 2007/01/15
- Re: C file recoginzed as image file, Jason Rumney, 2007/01/07
- Re: C file recoginzed as image file, Stefan Monnier, 2007/01/07
- Re: C file recoginzed as image file, Richard Stallman, 2007/01/08
Re: C file recoginzed as image file, Richard Stallman, 2007/01/05