Date: Mon, 14 Jul 2003 08:30:45 -0400
   From: Leonard Rosenthol <[EMAIL PROTECTED]>

   At 7:16 AM -0500 7/14/03, Stephen J Baker wrote:

   >One issue we should at least think about with JAR is that since it
   >*is* the JAVA library mechanism, there is perhaps a risk of
   >allowing virus writers to attach bits of JAVA executable in what
   >*appears* to be a GIMP image.

   If you don't open up the JAR file with a Java-based tool - 
   you can't have Java executing.

   And even if you DO use Java to open up the JAR, nothing
   "auto-executes" - you'd have to manually kick it off.

   SO even if someone were to put Java bytecodes into a GIMP image
   file, it would never get executed...

What happens if in the future someone writes a gimp-java interface
(like gimp-perl)?  Would there be any security issues there?

Robert Krawitz                                     <[EMAIL PROTECTED]>      

Tall Clubs International  -- or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail [EMAIL PROTECTED]
Project lead for Gimp Print   --

"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
Gimp-developer mailing list

Reply via email to