Hi Tom, At 15:06 19.09.01 -0400, you wrote: >... >Hmmm... Take a PS file with malicious code, place it in /tmp. To hide >what you are up to, eexec encode the malicious file. Now place > > (/tmp/malicious.ps) run > >into a PS file that will get run by setuid root GS. Oops! >... But an attacker does not need to place malicious code in a special file which is executed by "run". The malicious code - maybee eexec encoded - can be placed in the PS file itself as well. The code from the additional file runs in exactly the same environment (from a security related point of view) as the code from the calling PS file and can do exactly the same damages. So I think denying the run command does not increase security. Denying the run command makes sense if you scan the incoming PS file for malicious code before running GS. In this case it would prevent the execution of unscanned PS code. Dirk ----------------------------------------------------------- [EMAIL PROTECTED] http://www.e-technik.fh-schmalkalden.de/personen/dhp/krause ----------------------------------------------------------------------------- YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST The address you post from MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. For the impatient, to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, send email to [EMAIL PROTECTED] with the word LPRNGLIST in the SUBJECT line. -----------------------------------------------------------------------------
