emacs-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible problem with Gnus

From: David Kastrup
Subject: Re: Possible problem with Gnus
Date: 11 May 2004 14:40:09 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50 
Richard Stallman <address@hidden> writes:

> We have to pay attention to an issue of how Gnus and other Emacs mail
> readers treat MIME attachments.
> 
> Windows viruses often spread in attachments for Word.  We have to make
> sure that attachments don't become a method for spreading viruses in
> Emacs.  Some kinds of attachments run applications that perhaps can be
> assumed safe, such as a gif displayer.  But attachments that run more
> complex attachments, such as a browser that might execute programs
> given it, have to be treated as unsafe.
> 
> I don't use Gnus.  How does a Gnus user specify to display an
> attachment?  Does the user do this for one specific attachment,
> or for all the attachments in one message?  Does Gnus ever display
> attachments in a message without a specific direct user request
> for that message?

No, and you have to explicitly ask for display/extraction of each
attachment separately.  The only exception AFAICS are inline image
attachments not exceeding a specific size, and text mode stuff like
rich text.  I don't see any application for an exploit here.  The
worst that can happen is that an invalid image manages to overflow a
decoding buffer in case that there is a bug in the library.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum
reply via email to
[Prev in Thread] Current Thread [Next in Thread]