add a SECURITY.md, describe attack surface and valid attack scenarios

diff --git a/Makefile.am b/Makefile.am
index 9a3de9d..146a7e1 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -12,7 +12,7 @@ EXTRA_DIST += libexif-uninstalled.pc.in
 
 ACLOCAL_AMFLAGS = -I auto-m4 -I m4m
 
-doc_DATA = README AUTHORS NEWS ChangeLog ABOUT-NLS COPYING
+doc_DATA = README AUTHORS NEWS ChangeLog ABOUT-NLS COPYING SECURITY.md
 
 #######################################################################
 # Help for the maintainer

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644 (file)
index 0000000..2d335a9
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,43 @@
+# Security overview
+
+## General
+
+libexif is a software library to process EXIF datablobs, which are usually
+embedded in JPEG files.
+
+It allows reading, writing, changing, and extraction (binary and textual versions)
+of this data.
+
+
+## Attack Surface
+
+Any data blob put into the library should be assumed untrusted and
+potentially malicious.
+
+ABI parameters can be considered trusted.
+
+The primary attack scenario is processing of files for EXIF content
+extraction (displaying) via unattended services, up to and including
+webservices where files can be uploaded by potential attackers.
+
+## Bugs considered security issues
+
+(Mostly for CVE assigments rules.)
+
+Triggering memory corruption of any form is considered in scope.
+Triggering endless loops is considered in scope. (would block services)
+Triggering unintentional aborts is considered in scope.
+
+Common library usage patterns are in scope.
+
+Crashes during writing out of data as EXIF could be in scope.
+
+## Bugs not considered security issues
+
+Crashes caused by debugging functionality are not in scope.
+
+## Bugreports
+
+Bugreports can be filed as github issues.
+
+If you want to report an embargoed security bug report, reach out to dan@coneharvesters.com.