Re: C file recoginzed as image file

[Chris Moore]

Richard Stallman <address@hidden> replies:

> The reason I decided to detect images by their contents rather than
> by their file names is that it seems more correct as a way of
> recognizing them.

So if someone sends me a virus in image format disguised as Emacs Lisp
code, the correct thing to do is to install the virus, rather than
display it safely in Emacs Lisp mode?  Because that's what Emacs will
currently do.

I just checked what GNOME's file manager does if I rename an image to
"foo.txt" and then try to view it by double-clicking it.

A dialog box pops up saying:


  Cannot open foo.txt

  The filename "foo.txt" indicates that this file is of type "plain
  text document". The contents of the file indicate that the file is
  of type "JPEG image". If you open this file, the file might present
  a security risk to your system.

  Do not open the file unless you created the file yourself, or
  received the file from a trusted source. To open the file, rename
  the file to the correct extension for "JPEG image", then open the
  file normally. Alternatively, use the Open With menu to choose a
  specific application for the file.

                             [Cancel]


Notice that there isn't even an option for "open it anyway" - just
"cancel".  So the GNOME designers obviously think this is enough of a
problem to fix it.

I don't see the point of leaving this security hole in Emacs just
before a release.