Re: ANN: imsep 0.6

From: Colin Walters <walters verbum org>
To: gtk-devel-list gnome org
Subject: Re: ANN: imsep 0.6
Date: Thu, 21 Oct 2004 12:07:35 -0400

On Thu, 2004-10-21 at 16:20 +0100, Gustavo J. A. M. Carneiro wrote:

>   What about DoS attacks?  If I accidentally attempt to load an image
> from the network, that image could be very large, consequently
> monopolising the imsep process, thus denying other applications of its
> services for a while.

The plan is to make the loader multithreaded.  That will solve the
problem of large images.  This should be pretty easy to do.

>   Another issue is, doesn't this introduce additional delay? 

Yes, but on my machine, it seems fairly negligible for typical image
sizes.

>  Maybe this
> module should only be invoked (explicitly) for content coming from
> untrusted sources.

If the GTK+ team is willing to add an API such that applications can
explicitly mark an image as untrusted, I think it makes sense to support
that as an option in the Imsep gdk-pixbuf loader.  However, my feeling
is that a regexp exclude for /usr/share should be sufficient.

References:
- ANN: imsep 0.6
  - From: Colin Walters
- Re: ANN: imsep 0.6
  - From: Gustavo J. A. M. Carneiro

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]