Message-ID: <200401242132.i0OLWRRK021765@cvs.openbsd.org>
Date: Sat, 24 Jan 2004 14:32:27 -0700
From: Theo de Raadt <deraadt@....openbsd.org>
To: Bob Beck <beck@...h.cns.ualberta.ca>
Cc: bugtraq@...urityfocus.com
Subject: Re: vulnerabilities of postscript printers


> >>> My god, people attach printers to networks! Postscript is Turing Complete!
> >> Blah blah - you can't open files...
> > Sure you can, RTFM...
> 
>    Who cares? if it's a network attached printer there's some sort of
> IP stack in there speaking lpr, and some semblance of an operating
> system.  It's a computer. It has network interfaces, the software is
> certainly full of bugs and sucks, like most other software. It's
> probably exploitable. Why would you treat this device any differently
> than any other network attachable device on your secured network?

I concur.

When is the entire security community going to start realizing that

      - statistics keep showing there is approximately 1 bug in every
	50-200 lines of code

      - these bugs fall into classes of "programmer error", like
	heap object overflow, stack object overflow, range check
	failure, input mismanagement, race, ...

      - for certain classes, nearly EVERY occurrence is exploitable,
	for instance, nearly all stack object overflows are exploitable

      - I am going to estimate that a typical postscript rom is, what,
	2MB of code, probably is generated from about 100,000 lines of
	code.. are we getting the picture?

Hence, I assume that if something has not been specifically audited by
a person who is allowed to and capable of "cleaning the code to make
it paranoid" as they audit, that code will have bugs.

What stuns me is that someone would even need to ask the question of
"is a postscript printer secure", and that numerous people would get
lost in the rat's nest of discussing what the postscript language is
capable of.  I would bet that most of the security holes in a printer
would be due to crappy low level bugs.

If I can't read the code to confirm that it is crap, I assume that it
is crap.

And I bet there are people actively exploiting printer firmware..

