anomy-list

Re: Announcing sanitizer.pl, revision 1.75

From: Bjarni R. Einarsson (144003@xyz.molar.is)
Date: Mon 02 Jan 2006 - 16:28:52 GMT

  • Next message: Bjarni R. Einarsson: "Announcing sanitizer.pl, revision 1.76"

    CC'ed to the mailing list, since others might have similar questions.
    Hope you don't mind!

    On 2006-01-02, 10:28:38 (-0500), Jim Rosenberg wrote:
    > > Added code to recognize the most common/important file
    > > formats based on actual file contents, not just file name
    > > and MIME-type. Added magic to detect WMF files, to allow
    > > reliable blacklisting of said files
    >
    > Thank you thank you thank you!!!

    You're welcome. :-)

    > Now I'm a bit unclear as to what the interface is between this and the .cfg
    > file. I've only had a quick look at this new stuff (and it's been a while
    > since I updated my Anomy) so I may have completely the wrong model in my
    > head. Tell me if this is correct:
    >
    > If I already have a rule for what to do with .wmf, then I'm fine; your new
    > code will make a WMF file (via header contents) with a "forged" extension
    > appear to the rule set as though the extension really was .wmf.
    >
    > Is this right, or do I specifically have to put something into my .cfg file
    > to pick up the results of FileTypes.pm?

    Your understanding is correct. Just add "wmf" to one of your
    file_list_* regular expressions to match WMF files.

    Internally Anomy will generate a new filename based on what the
    content appears to be and that is checked against the file_list_*
    variables.

    Note that in order to activate the gif/png/jpg sanity checks (which
    provide protetion against similar future attacks based on something
    other than wmf), you must have feat_sane_names set to 1 (which is the
    default).

    -- 
    Bjarni Rúnar Einarsson
     144003@xyz.molar.is
     http://bre.klaki.net/
    

    PGP: 02764305, B7A3AB89



    hosted by molar.is