| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 03 Mar 2007 20:06:46 +0100 From: Paul Sebastian Ziegler <psz@...erved.de> To: full-disclosure@...ts.grok.org.uk Subject: PostScript security research -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I'm currently coming across a lot of PostScript documents. And I realize that most people consider them as "pictures" and thus plainly open them. This is why I thought about testing it's security and possibly creating some PoC to raise awareness. During my research I found that PostScript has the possibility to open and manipulate files. Now that's a good start. :) Also this project here proves that it must somehow be possible to "bind" to a port: http://public.planetmirror.com/pub/pshttpd/ (Still researching this one...) However google hasn't been particularly helpful when it came to the following questions: 1) Has anybody researched this before (no need to crash open doors) 2) Is PostScript capable of using the system()-call or something similar? Does anybody know about this? Thanks in advance Paul -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF6cdGaHrXRd80sY8RCsj6AKCT9KwwH/+GCw/td1ZCLN6E4MqF+wCgixu5 fnqrvlvr37O36zEeBfD3BJA= =/lno -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists