| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: avalon at caligula.anu.edu.au (Darren Reed) Subject: Re: vulnerabilities of postscript printers To put my comments in perspective, I immersed myself in postscript at a time when "level 2" was new and there it not really documented. In some mail from Michael Zimmermann, sie said: > At Freitag, 23. Januar 2004 06:01 Darren Reed wrote: > > First, remember that postscript has been designed for rendering images > > on a page. It has -no- native networking comands nor ability to talk > > to any peripheral. > > This statement is misleading. PostScript allows reading and writing of files > for example, if the printer has a disk installed (and some have -- to store > jobs, fonts, forms and of course system-software). It should also be noted, > that a PostScript printer establishes a two-way communication with the > driver. This stdin and stderr files can be access by the user programm > (i.e. by the print-job transmitted to the printer). > Using a special "print"-driver gives me a user "shell" for an apple > and an egg. Every driver writer for PostScript printer knows that, > it's part of the PostScript bibles (I think, in the third book). Yup and stdout & stderr are very useful. Lets you find out, easily, how many pages were printed. Also allows "interactive". But this is all "so-what" type material... > Often the system-level is only a password away (if the administrator > has set it at all, which I doubt). Hence a null password or the factory > default would be a good guess. And I have seen the only possible > password type to be an <integer>. Brute force at night with an > automatic script running on my PC should not be too difficult. See here you've taken a step I don't believe possible - with postscript. For reference I downloaded the blue book and read through there operator summary last night and there is no "password" or "login" in postscript. Often postscript printers have a telnet facility if they have a network card but that's quite separate, I believe. Kind of like how such printers will usually also do SNMP and/or appletalk and/or whatever other networking stuff has been put in them. > The network communication is part of the system-level, and this > is usually also partly written in PostScript, but at least accessible > from the PostScript level. And you have an example of this ? For it to be accessible via postscript, I imagine it might take some special filename... All that said and done, there's still no replacing a postscript printer for printing quality, IMHO :) Darren
Powered by blists - more mailing lists