emacs-devel

Re: Image mode


From: David Kastrup
Subject: Re: Image mode
Date: Tue, 06 Feb 2007 11:29:34 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)

"Juanma Barranquero" <address@hidden> writes:

> On 2/6/07, David Kastrup <address@hidden> wrote:
>
>> If there ever was a "policy" instead of just an implementation,
>
> It was a policy by implementation :)
>
>> If the user _knows_ that Xlib is a current attack vector, she has
>> the option of using "emacs -nw".  In a similar vein, if she knows
>> about a jpeg library vulnerability, she might refrain from opening
>> "xxx.jpg" in Emacs.
>
> For this discussion it doesn't make much sense IMO to talk about the
> vulnerabilities the user knows about.

Well, _we_ don't know about any vulnerabilities either at the moment,
so it would seem that it does not make much sense to talk about
anything in this discussion.

Not that it does not feel like that...

>> As long as file type and extension are compatible, I see no reason
>> for user feedback before treating the file as an image.
>
> I'm not in favor of the warning, but I agree with Richard in that I
> don't see any reason to treat files with valid image extensions (in
> agreement or disagreement with its contents) different than images
> with no recognizable extension. The way for a virus to enter a
> system is profiting from the familiarity. Either you trust your
> images' source, or you don't.

Sorry, but that is nonsense.  We have added a lot of stuff warning
about file variables and unsafe variables and so on, exactly to free
the user from having to worry about the trustworthiness of files
before opening them.  And are you telling me that all the junk mails
that want me to click on something have a sender I know?

The user has an idea about what Emacs will do with a file, and will
judge based on that whether he wants it to open in Emacs in this
manner.  If Emacs does something different than the expected thing,
there goes one component of security: user wariness.

-- 
David Kastrup



