[ILUG] unix mail script virus hole long before windows?
Niall O Broin
niall at linux.ie
Tue Jul 10 13:23:43 IST 2001
On Tue, Jul 10, 2001 at 11:23:53AM +0100, Paul Jakma wrote:
> so what happens if a postscript file that does whatever the postscript
> equivalent of rm -rf ~/* gets run through ghostscript?
That depends on what context ghostscript runs in. I don't think anything bad can
happen there. However, someone else mentioned NeXT and DPS (Display
Postscript) but the problem's older than that. Sun had the first commercial
DPS system with Xnews (X Network Extensible Windowing System AFAIR) and
because the Postscript intrepreter there was running in the context of a
Unix system, nasty things could and did happen - the one exploit I heard of
was a PS file of a clown which wiped files when it was displayed.
> if the worst case: does this mean Unix has had a mail scripting hole
> long long before Outlook+vb came along?
Yes, with of course the exception that when joe user looked at the clown
face, only his files got zapped and not the whole bloody disk (of course, if
root looked at the clown . . . .)
More information about the ILUG