On Wed, Jul 16, 2003 at 08:27:12PM -0400, Robert L Krawitz wrote:
> - to be able to execute some Java code out of a (virus-altered) GIMP
> image (Gimp Graphics Archive) takes:
> * a person running "java -jar picture.gga"
> * some "smart" program looking inside the image, recognizing the
> manifest etc (which makes the JAR "executable"), running this
> (probably requirng user interaction)
> * a Java machine
> Not necessarily. If the appropriate MIME type isn't set up for .gga
> files, a browser might helpfully run "file" on the file, identify it
> as a JAR, and run java on it. That requires a spot of
> misconfiguration (or social engineering), but it's a bad idea to
> assume that other things are configured correctly.
So you are basically saying: Do not use ZIP files for anything but Java
stuff. Your argument holds for any ZIP file. It might get executed
somewhere. But I think this is purely academical and has nothing to do
with the GIMP file format.
> But a hierarchical structure would be cool too. What about mapping
> big parts of the file format to the file system? This way, a lot of
> information can be stored in the hierarchy and it wouldn't be a big
> difference whether to read a file from file system or from archive.
> What properties are you assuming in the filesystem?
Probably too many. I imagined something like
layer.xml (opacity, mode etc.)
But there are probably lots of issues with this design.
* LINUX - Where do you want to be tomorrow? *
Gimp-developer mailing list