Quoting Anuerin G. Diaz ([EMAIL PROTECTED]): > this reminds of another article from [EMAIL PROTECTED] that > contradicts it (look at the ending statement). i dont have net acces at > the moment so i cant verify if the same info exists in the links you > provided. note that although i said it contradicts it, it is only valid > up to the viewpoint of the author.
It's been known for a very long time that PostScript (and PDF, which is basically the same thing) has the potential to be used for attacks against the local console user. That's why ghostview/Ghostscript includes the command-line option "-safer" to pretty much defang them. To quote one of the the ghostview/Ghostscript references: PostScript files and security: PostScript -- being a full-blown programming language -- contains operators for modifying and deleting files. This opens a security gap when downloading unknown files. In the worst case, a file pretending to be a harmless PostScript image file may delete files from your local hard disk -- possibly even with root permission! Although there are no known cases of such "trojan horses", you should protect yourself against this kind of attack. Ghostscript's -dSAFER option disables critical file operators; the interpreter refuses to open files other than read-only. GSview launches Ghostscript with this option by default, Ghostview for Unix uses the option if launched with the -safer option itself. This is why .mailcap entries for the PostScript MIME type tend to include the -safer option: application/postscript; ghostview -safer %s I'm not familiar with what exposures of a similar nature xpdf faces, and what the code does about it. Quoting Brian Hatch: > What some may not realize is that some non-executable file formats have > the potential to run malicious code. Hatch is being sensationalistic as well as intentionally inaccurate: It would be more accurate to say that any "document file" with a sufficiently expressive macro language _is_ basically an executable, and must be treated with care. Fortunately, this isn't a new insight. > Think of how many pieces of third party software you've installed, many > of which come with manual pages. If you had time to vet the source code, > did you even think of looking at the man pages for hidden trojans like > this one? Probably not. This is rather silly, since in this hypothetical, you're also installing untrustworthy third-party _software_ accompanying the manpage. Surely the threat from the manpage is trivial in comparison. > Luckily, GNU's troff, which is what is used on Linux systems, disables > unsafe macros by automatically including the 'safer' macro file. And there is that. > Next, let's look at another example, a PostScript file. [...] (Hatch goes through a long example, then points out that ghostview uses the -safer mode, to deal with the problem. He could have gone on to observe that generally Ghostscript uses the corresponding facility.) > Thus far, no one has attempted to embed such an exploit into a LaTeX, > PDF, or image file, but I'll leave the challenge open to anyone who > wants to try. I have never tried so I don't know offhand if they're > possible. I'd think one in LaTeX should be possible, but PDF and > graphics are likely out of the running. If the recently claimed problem with some PDF files were an urgent threat, I'd be following Bugtraq posts on the subject. As it is, I'm willing to wait a bit. -- Cheers, "That scruffy beard... those suspenders... that smug ex- Rick Moen pression.... You're one of those condescending Unix users!" [EMAIL PROTECTED] "Here's a nickel, kid. Get yourself a real computer." _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
