http://www.perlmonks.org?node_id=798347


in reply to Re^2: security: making sure graphics uploaded by users are safe
in thread security: making sure graphics uploaded by users are safe

I think you are being a little alarmist here. File formats like jpg and png have no 'executable' aspect to them. They are simply read and displayed. The only way you could make such a file malicious in-and-of-itself would be to exploit some buffer overrun bug within usual rendering software, such as a browser. Since image rendering is pretty basic, this type of situation is highly unlikely to occur.

The only plausible way to make a jpg/png file malicious is to trick the destination system into thinking that some 'extra' processing is required for the file type. For example, if you modify the registry to change the default behavior associated with double-clicking on a jpg file, so that it is treated differently, then all bets are off. As I originally stated, this requires some other malware to execute first.

Notice I did not include gif format in here. The gif standard allows for animations, which means there is an 'executable' aspect to the file. While I believe the scope of what can be executed within a gif is very limited, I don't know enough about it to say for sure that it could not be hijacked for nefarious purposes.

fnord

Re^4: security: making sure graphics uploaded by users are safe
by gwadej (Chaplain) on Sep 30, 2009 at 17:16 UTC

    While you might be right that the OP is being overly cautious, saying that image files should not be dangerous is not quite correct. In the presence of bugs in the viewing software (which the OP cannot control), maliciously crafted images can be a security issue.

    As a relatively paranoid individual, I follow the Security Now! podcast. I've been startled at the number of exploits based on errors in image processing programs reported in the past year.

    During the Aug. 13, 2009 show, we heard about a buffer overflow in the ImageIO library that could result in either application termination or remote code execution. In the Sept. 3, 2009 show, there was discussion of a similar problem in libpng. Over the last year, it seems like there were at least a dozen of these kinds of exploits on one or another OS. (I think all of the majors were represented.)

    That being said, I'm not sure that it's possible to perform a general test to find this kind of thing for an image upload site.

    G. Wade
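
Added example, not part of either post above: a structural sanity check an upload handler can run on a PNG before storing it, rejecting files whose container layout is malformed (bad signature, chunk lengths that overrun the file, CRC mismatches, oversized dimensions, data after IEND). It checks layout only and does not decode pixel data; `check_png`, `make_chunk` and the `MAX_DIM` limit are names and values assumed for this sketch.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_DIM = 10_000  # assumed upload-policy limit, not a value from the thread

def make_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def check_png(buf):
    """Return a list of structural problems; an empty list means sane layout."""
    if not buf.startswith(PNG_SIG):
        return ["missing PNG signature"]
    problems, seen, pos = [], [], len(PNG_SIG)
    while pos < len(buf):
        if pos + 8 > len(buf):
            problems.append("truncated chunk header")
            break
        length, ctype = struct.unpack(">I4s", buf[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(buf):  # declared length exceeds the bytes actually present
            problems.append("chunk length runs past end of file")
            break
        data = buf[pos + 8:end - 4]
        if struct.unpack(">I", buf[end - 4:end])[0] != zlib.crc32(ctype + data):
            problems.append("bad CRC in " + ctype.decode("latin-1"))
        if ctype == b"IHDR":
            # IHDR must be exactly 13 bytes; anything else is treated as 0x0
            width, height = struct.unpack(">II", data[:8]) if length == 13 else (0, 0)
            if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
                problems.append("bad IHDR size or dimensions")
        seen.append(ctype)
        pos = end
        if ctype == b"IEND":
            break
    if not seen or seen[0] != b"IHDR":
        problems.append("first chunk is not IHDR")
    if not seen or seen[-1] != b"IEND":
        problems.append("no IEND chunk")
    elif pos != len(buf):
        problems.append("trailing data after IEND")
    return problems

# Constructed sample: a minimal 1x1 greyscale PNG built in memory.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
GOOD = (PNG_SIG + make_chunk(b"IHDR", IHDR)
        + make_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + make_chunk(b"IEND", b""))
```

A file that passes can still be re-encoded with a patched image library before it is served, so that viewers receive the server's own output rather than the uploaded bytes.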