1
0
mirror of synced 2024-11-25 18:54:22 +01:00

spelling correction.

while mat2 has both a thread model (a thread pool that strips metadata
in parallel) and a threat model (a list of malicious adversaries and
their capabilities that we are trying to defeat), i think this
paragraph is talking about the latter.
This commit is contained in:
Daniel Kahn Gillmor 2018-09-05 13:00:28 -04:00
parent 072ee1814d
commit 2d9ba81a84

View File

@ -64,7 +64,7 @@ to the filesystem. This ensures that every metadata is removed.
XML attacks XML attacks
----------- -----------
Since our thread model conveniently excludes files crafted to specifically Since our threat model conveniently excludes files crafted to specifically
bypass MAT2, fileformats containing harmful XML are out of our scope. bypass MAT2, fileformats containing harmful XML are out of our scope.
But since MAT2 is using [etree](https://docs.python.org/3/library/xml.html#xml-vulnerabilities) But since MAT2 is using [etree](https://docs.python.org/3/library/xml.html#xml-vulnerabilities)
to process XML, it's "only" vulnerable to DoS, and not memory corruption: to process XML, it's "only" vulnerable to DoS, and not memory corruption: