[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network security manager
From: |
Ted Zlatanov |
Subject: |
Re: Network security manager |
Date: |
Tue, 18 Nov 2014 13:22:11 -0500 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) |
On Tue, 18 Nov 2014 18:57:15 +0100 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Ted Zlatanov <address@hidden> writes:
LMI> What are the security implications of inserting an image from a source
LMI> we can't validate?
>>
>> Malicious binary payloads in images are quite common. There are also
>> attacks/exploits/hacks that load Javascript from images.
LMI> I really hope we don't have any exploitable bugs in the image handling
LMI> code.
On many platforms (NS comes to mind) image handling happens before Emacs
knows about it. So this is not necessarily an Emacs issue.
Here's a list of libpng (just picking one library out of many that Emacs
uses) CVEs:
http://www.cvedetails.com/vulnerability-list/vendor_id-7294/Libpng.html
Do we care? I do, others may not. Regardless, I don't think Emacs should
choose to sometimes disregard the HTTP/S channel's security checks. If
it does, it would be a rather unique web browser.
>> OK with me, that's a good solution for this particular case. But there
>> will be others where you can't see the things that went wrong in the
>> background. I suggested a modeline indicator previously... it's better
>> than silent failure, right?
LMI> Well... No, annoying the user with things the user doesn't care about
LMI> is worse than silent failure. >"?
I don't think a passive indicator e.g. in the modeline is annoying. If
you make the list of failures accessible somehow, the rest can be done
by add-ons, so we don't need to figure it out now.
Ted
- Re: Network security manager, (continued)
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Stefan Monnier, 2014/11/18
- Re: Network security manager, Eli Zaretskii, 2014/11/18
- Re: Network security manager, Eli Zaretskii, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Eli Zaretskii, 2014/11/18
- Re: Network security manager, Eli Zaretskii, 2014/11/18
- Re: Network security manager,
Ted Zlatanov <=
- Message not available
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Ted Zlatanov, 2014/11/19