On Tue, Jul 10, 2001 at 11:23:53AM +0100, Paul Jakma wrote:
> so what happens if a postscript file that does whatever the postscript
> equivalent of rm -rf ~/* gets run through ghostscript?
That depends on what context ghostscript runs in. I don't think anything bad can
happen there. However, someone else mentioned NeXT and DPS (Display
Postscript) but the problem's older than that. Sun had the first commercial
DPS system with Xnews (X Network Extensible Windowing System AFAIR) and
because the Postscript intrepreter there was running in the context of a
Unix system, nasty things could and did happen - the one exploit I heard of
was a PS file of a clown which wiped files when it was displayed.
> if the worst case: does this mean Unix has had a mail scripting hole
> long long before Outlook+vb came along?
Yes, with of course the exception that when joe user looked at the clown
face, only his files got zapped and not the whole bloody disk (of course, if
root looked at the clown . . . .)
Regards,
Niall
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
