lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jan 2004 17:43:41 +0100 From: Georg Lutz <glist@....net> To: bugtraq@...urityfocus.com Subject: Re: vulnerabilities of postscript printers On 2004-01-24, Glynn Clements wrote: > PostScript has the ability to read/write named files, and nothing > prohibits an implementation from making peripheral devices or ports > accessible as named files. E.g. using GhostScript on Linux, the > following trivial PostScript program sends a WAV file (or the first > 20kb thereof) to the sound card: > > (/dev/dsp) (w) file dup > (foo.wav) (r) file > 20000 string readstring pop > writestring flushfile > > [The -dSAFER switch disables file access, and should be used when > running gs on "untrusted" PostScript files.] > Does this mean, that a Postscript-file is not safer than a MS Word document? Shouldnt -dSAFER be then the default option? Or breaks this something else? -- Georg
Powered by blists - more mailing lists