in reply to Re^3: prevent arbitrary code execution in images
in thread prevent arbitrary code execution in images

That's a toughie. Convert JPGs to PNGs and back?
I'm sorry, but that is a tad too creative :) I'd use a virus scanner like File::Scan or clamav and scan the files for viruses upon upload.

MJD says "you can't just make shit up and expect the computer to know what you mean, retardo!"
I run a Win32 PPM repository for perl 5.6.x and 5.8.x -- I take requests (README).
** The third rule of perl club is a statement of fact: pod is sexy.

Re^5: prevent arbitrary code execution in images
by graff (Chancellor) on Sep 16, 2004 at 03:19 UTC
    Scan files for viruses on upload? Doesn't that depend on the scanner package having a profile to look for? Which means that a new virus gets through until someone circulates a new profile (and other people fetch it to update their scanners)?

    If a file is supposed to contain an image (but also contains a virus), it actually makes a lot more sense to apply some global filter to the "pixel" data such that image quality would be generally preserved, but anything like machine code would be obliterated. It's a pity that the same does not hold for email attachments that are supposed to be MS-Word "doc" files, etc...
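One way to realize the pixel-data filter graff describes, as an added example that is not code from this thread. It assumes PNG input, 8-bit non-interlaced images only, and picks "clear the low bit of every sample" as the filter (graff names no specific one); the names `scrub_png`, `chunk` and `paeth` are hypothetical. Only IHDR and the decoded pixels are carried into the output, so ancillary chunks and bytes after IEND never reach it.

```python
import struct, zlib

SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 4: 2, 6: 4}  # colour type -> samples per pixel (no palette)

def chunk(ctype, data):
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))

def paeth(a, b, c):
    p = a + b - c
    pa, pb, pc = abs(p - a), abs(p - b), abs(p - c)
    return a if pa <= pb and pa <= pc else (b if pb <= pc else c)

def scrub_png(blob):
    """Rebuild a PNG from its pixels only, clearing the low bit of every sample."""
    if blob[:8] != SIG:
        raise ValueError("not a PNG")
    pos, ihdr, idat = 8, None, b""
    while True:
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[pos + 8 + length:pos + 12 + length])
        if len(data) != length or crc != zlib.crc32(ctype + data):
            raise ValueError("corrupt chunk")
        if ctype == b"IHDR":
            ihdr = data
        elif ctype == b"IDAT":
            idat += data
        elif ctype == b"IEND":
            break                      # anything after IEND is never read
        pos += 12 + length             # all other chunk types are dropped
    w, h, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if depth != 8 or colour not in CHANNELS or interlace or w * h > 50_000_000:
        raise ValueError("unsupported PNG variant: reject the upload")
    bpp, stride = CHANNELS[colour], w * CHANNELS[colour]
    # max_length bounds the inflate so a decompression bomb cannot exhaust memory
    raw = zlib.decompressobj().decompress(idat, h * (stride + 1) + 1)
    if len(raw) != h * (stride + 1):
        raise ValueError("pixel data does not match IHDR")
    prev, out = bytearray(stride), bytearray()
    for y in range(h):
        line = raw[y * (stride + 1):(y + 1) * (stride + 1)]
        ft, row = line[0], bytearray(line[1:])
        for i in range(stride):        # undo the per-row PNG filter (types 0-4)
            a, c = (row[i - bpp], prev[i - bpp]) if i >= bpp else (0, 0)
            pred = (0, a, prev[i], (a + prev[i]) // 2, paeth(a, prev[i], c))[ft]
            row[i] = (row[i] + pred) & 0xFF
        prev = row
        out += b"\x00" + bytes(v & 0xFE for v in row)   # the "global filter"
    return SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(bytes(out))) + chunk(b"IEND", b"")
```

Any exception from `scrub_png` should be treated as a rejected upload; only the returned bytes are stored or served.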