On Mon, 2003-10-20 at 20:55, rikona wrote:
> Hello Jack,
> 
> Monday, October 20, 2003, 7:53:57 AM, you wrote:
> 
> JC> Actually, I got into a half-hearted argument with one of the
> JC> Evolution developers one time because he admitted that Evo blindly
> JC> trusts MIME types and passes them to the handler.
> 
> Sounds like an ex-M$ programmer. :-) Really bad idea.
> 
> JC> I argued that a crafted jpg could overflow eog or ee or whatever
> JC> and run stuff, he responded that it was really unlikely,
> 
> If he codes so that it will accept ANY misidentified code, of any
> type, and any size, without ANY problems at all, then I'll reluctantly
> agree.

What set me off was his statement that they did no sanity checking of
MIME content at all, because that was the handler's job. Hopefully it
was an overstatement, but let's just say I don't allow graphics to load
in Evolution.

-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
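
An added example, not part of the original message and not Evolution's code: one form the "sanity checking of MIME content" discussed above could take, comparing each image part's declared Content-Type with the leading bytes of its decoded payload before anything is handed to a viewer. The function names, the signature table and the sample message are assumptions constructed for illustration.

```python
import base64
from email import message_from_string

# Well-known leading byte signatures for a few image types.
MAGIC = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

def check_part(part):
    """Return (declared_type, verdict) for one MIME leaf part."""
    declared = part.get_content_type()
    payload = part.get_payload(decode=True) or b""
    sigs = MAGIC.get(declared)
    if sigs is None:
        return declared, "no-signature-known"
    if any(payload.startswith(s) for s in sigs):
        return declared, "match"
    return declared, "mismatch"

def audit_message(raw):
    """Check every image/* leaf part; a client would refuse to
    dispatch 'mismatch' parts to an image handler."""
    msg = message_from_string(raw)
    return [check_part(p) for p in msg.walk()
            if not p.is_multipart() and p.get_content_maintype() == "image"]

def _b64(data):
    return base64.b64encode(data).decode("ascii")

# Constructed sample: one honest JPEG header, one part labelled
# image/jpeg whose bytes are not a JPEG at all.
SAMPLE = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/plain\n\nhello\n"
    "--XX\nContent-Type: image/jpeg\n"
    "Content-Transfer-Encoding: base64\n\n"
    + _b64(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00") + "\n"
    "--XX\nContent-Type: image/jpeg\n"
    "Content-Transfer-Encoding: base64\n\n"
    + _b64(b"\x7fELF\x02\x01\x01\x00") + "\n"
    "--XX--\n"
)

if __name__ == "__main__":
    for declared, verdict in audit_message(SAMPLE):
        print(declared, verdict)
```

A "match" only shows that the type label is honest. A file with a valid JPEG signature can still contain malformed fields, so the viewer's decoder has to validate what it parses as well.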

