Well yeah, any arbitrary piece of data can be turned into executable code in
PS, but thats not quite the point.
You don't have to do any interpretation yourself -- thats what the PS
interpreter is for!
If you redefined the file operator (which takes works like fopen in C) as
Then any attempt to open a file such as
(/etc/passwd) (w) file
would cause an error.
If this redefinition is done as part of the job prolog, then the 'real'
definition of the file operator is effectively lost for the rest of the job.
BTW the following should do what you want, but don't hold me to it, I've no
PS interpreter to hand right now...
(~/i_could_have_deleted_all_your_files) (w) file
f (You've been PostScripted!) writestring
From: Paul Jakma [mailto:paulj at alphyra.ie]
Sent: 10 July 2001 13:46
To: Foley, Brian (Galway)
Cc: ilug at linux.ie
Subject: RE: [ILUG] unix mail script virus hole long before windows?
however, less reassuring, from the same post, is that in PS operators
can be created from other strings. so it would seem to be nearly
impossible to secure PS just by scanning the inputted PS, the
interpreter would have to check constantly while 'running' the PS
wonder whether ghostscript has been refined further security wise
since the above 1994 RISKS digest? ...
what's the postscript for:
echo "you've been postscripted" >> ~/i_could_have_deleted_all_your_files
'd love to send to a few people....
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!