On Wed, Jan 19, 2005 at 04:29:46PM +0100, Florian Weimer wrote:
For complex file formats, there is no clear distinction between
"opening" a file and "executing" it.
Sure there is. For some filetypes execution is an intended effect; that
is, you expect arbitrary code to run. For other filetypes there's an
unexpected side effect that allows arbitrary code to run. In the second
case there's a bug that can be fixed. In the first case you just don't
execute the file if it's from an untrusted source.
Mike Stone
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
