GNOME Bugzilla – Bug 118384
Saving unchanged EXIF information from original file can be security problem
Last modified: 2004-12-22 21:47:04 UTC
In the report of the bug 118262 there was a nice example how the included thumbnail in EXIF info can reveal potentially secret things :-). But saving unchanged EXIF information from original file can be security problem not only due to thumbnails - there can be other infos I don't want to reveal to public. Simple solution -> the user has to decide if he/she wants to leave the EXIF info in the newly saved file or not (checkbox on the JPEG save dialog or extra confirmation if the EXIF info was present in the original file). Certainly the best solution would be to allow the user to edit the information before saving.
We could look at this for 2.0. Dave.
Is it necessary to leave this open as a separate bug report? Although this was not mentioned as a security issue, the arguments for not doing a blind copy of the EXIF data have already been mentioned in bug #56443 (the EXIF bug). So I would suggest to mark this as a duplicate. By the way, for those who are too lazy to open the file attached to bug #118262, here is a page that contains the relevant images: http://www.fuckallyall.com/article1585.html Warning for minors: this link contains mild nudity.
I'd prefer to let it be separate bug, because it's only a part of EXIF support but could be overlooked when resolving the bug 56443. Adding it as a blocker of it.
Hi, There is an easy fix which should be put in place soon... all that is needed is a GUI toggle for adding exif data if it's present. Something like #ifdef HAVE_EXIF GtkWidget *exif_toggle; #endif ... #ifdef HAVE_EXIF create the toggle with default value "TRUE", and label "Keep EXIF data" if it is present (test on the existence of the jpeg_exif_data parasite) #endif ... #ifdef HAVE_EXIF if toggle is true, write exif data #endif Basically a trivial patch once you fill out the pseudo-code :) And should suffice. You could even skip the test for the exif parasite, and have the label be false by default, with label "Discard EXIF data", which always makes sense, although it's in the negative. Cheers, Dave.
Finally got around to this. Attaching patch for testing (I'm not at home at the moment, and I haven't even run this, but I think it should work). If someone could test this I'd appreciate it. Cheers, Dave.
Created attachment 20205 [details] [review] Finally added patch
Added the PATCH keyword - for some reason this change doesn't show up in the notification mails from mozilla...
Gah. I hate tables. This draws the "Save exif" toggle in the same place as the "Optimize" toggle. And since this toggle is optional, it should really not take up a row all to itself. I will fix this up this evening. Dave.
Adding it below Baseline, to the left of Subsample. Dave.
Fixed in CVS: 2003-09-23 Dave Neary <bolsh@gimp.org> * plug-ins/common/jpeg.c: Allow discarding of exif data if HAVE_EXIF is enabled and the user doesn't want to keep it. Closes bug #118384. Dave.