2008/8/11 Gregory Maxwell <gmaxwell(a)gmail.com>:
What I wasn't able to reproduce is a file which both passed the upload
validation and which was executed by the Sun JRE... though I didn't
try hard once I realized that the use of a different domain for
uploading provided strong protection. It might well be that the upload
validation needs to be made more aggressive to stop these files, but
they pose us little to no risk. (Right now about the only risk I can
see would be having evildomain instruct browsers to DOS attack our
image servers... which could be done with simple JS on evildomain
without any exploit at all).

AIUI the upload process checks both the extension and the magic
number, doesn't it? I suppose it's a Simple Matter Of Programming to
check files for validity ...
- d.
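
A sketch of the stricter validity check the thread talks about, added here as an example; it is not code from either poster or from the upload software under discussion. It assumes the concern is an image with a ZIP-format archive (the container the JRE loads as a JAR) appended after the image data; the allow-list, function names and sample bytes are hypothetical and constructed.

```python
import struct

# Assumed allow-list: extension -> accepted magic numbers (hypothetical names).
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory (EOCD) signature
EOCD_LEN = 22             # fixed part of the EOCD record
MAX_COMMENT = 0xFFFF      # longest possible trailing ZIP comment

def has_zip_trailer(data):
    """True if data ends with a plausible EOCD record, i.e. a reader that
    locates a ZIP/JAR from the end of the file could treat it as an archive."""
    start = max(0, len(data) - (EOCD_LEN + MAX_COMMENT))
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            # The EOCD comment must run exactly to the end of the file.
            if pos + EOCD_LEN + comment_len == len(data):
                return True
        pos = data.rfind(EOCD_SIG, start, pos + 3)  # next candidate, earlier
    return False

def validate_upload(filename, data):
    """Return (ok, reason) for an uploaded image."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magics = MAGIC.get(ext)
    if magics is None:
        return False, "extension not allowed"
    if not data.startswith(magics):
        return False, "magic number does not match extension"
    if has_zip_trailer(data):
        return False, "ZIP archive appended to image"
    return True, "ok"

# Constructed samples: a minimal GIF header plus trailer byte, and the same
# bytes followed by an empty ZIP archive (a bare 22-byte EOCD record).
SAMPLE_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b";"
SAMPLE_POLYGLOT = SAMPLE_GIF + EOCD_SIG + bytes(18)

if __name__ == "__main__":
    for name, blob in [("ok.gif", SAMPLE_GIF), ("odd.gif", SAMPLE_POLYGLOT),
                       ("ok.png", SAMPLE_GIF), ("x.jar", SAMPLE_POLYGLOT)]:
        print(name, validate_upload(name, blob))
```

The trailer check is a heuristic layered on the extension and magic-number tests; it does not parse the image itself, so it complements rather than replaces serving uploads from a separate domain.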