|AWARE [SYSTEMS]||Imaging expertise for the Delphi developer|
|TIFF and LibTiff Mailing List Archive|
LibTiff Mailing List
2008.08.31 22:08 "Re: Some security fixes from RHEL", by Lee Howard
Bob Friesenhahn wrote: > The programs you list: gqview, GIMP, ImageMagick, and Hylafax are not > safe to use when faced with files from malicious users. I would challenge that nothing is safe when faced with an onslaught of malicious-intent. This is why firewalls are used. This is why things are encrypted and password protected. However, just because complete security isn't possible, and just because system maintainers should design to keep malicious activity away, these don't mean that secure coding efforts aren't also important. > The application I maintain (GraphicsMagick) already has an security > exposure of over 1.1 million lines of code. Modern ImageMagick likely > doubles or quadruples this exposure. Do you care to thoroughly > inspect all of this code? I don't think that a full security audit is being requested. Rather, I think that the original poster is simply asking that these things be addressed as they are reported. I don't consider that unreasonable. Thanks, Lee.