On Wed, Jan 19, 2005 at 04:29:46PM +0100, Florian Weimer wrote:
For complex file formats, there is no clear distinction between "opening" a file and "executing" it.
Sure there is. For some filetypes execution is an intended effect; that is, you expect arbitrary code to run. For other filetypes there's an unexpected side effect that allows arbitrary code to run. In the second case there's a bug that can be fixed. In the first case you just don't execute the file if it's from an untrusted source. Mike Stone