Re: Image mode

[Juanma Barranquero]

On 2/6/07, David Kastrup <address@hidden> wrote:

> But it cannot be the business of Emacs to decide about the
> trustworthiness of a source.

No.

> And it also
> is the choice of the user whether he trusts a particular image library
> for opening a particular file from a particular source.  The user
> can't do this job if he is mistaken about the libraries that will
> likely get used.

Yours is a very sophisticate user. Mine is not. I don't expect him,
for example, to know that opening a TIFF could expose him to a JPEG or
ZLib vulnerability.

> Anyway, I say you are wrong: lots of attacks are done by having people
> click on links and/or let them open file types that look like they are
> something different.

And a lot others by people trusting executables, images, etc.
downloaded from emule, that are exactly what the user expected, sans
the surprise.

> yours revolve about the user being incapable to do it, and
> letting Emacs do a job that can't be done by it.

In fact, if anything I'm arguing against security warnings; my point
is that we cannot reliably protect the user. Believing that a match
between contents and file extension should somehow be more trusted is
false security.

                   /L/e/k/t/u