[ILUG] unix mail script virus hole long before windows?

[Foley, Brian (Galway)]

Well yeah, any arbitrary piece of data can be turned into executable code in
PS, but thats not quite the point.
You don't have to do any interpretation yourself -- thats what the PS
interpreter is for!

If you redefined the file operator (which takes works like fopen in C) as
the following:
/file {
	pop pop
	invalidfileaccess
} def

Then any attempt to open a file such as
(/etc/passwd) (w) file
would cause an error. 

If this redefinition is done as part of the job prolog, then the 'real'
definition of the file operator is effectively lost for the rest of the job.

BTW the following should do what you want, but don't hold me to it, I've no
PS interpreter to hand right now...

%!PS
/f
	(~/i_could_have_deleted_all_your_files) (w) file
def

f (You've been PostScripted!) writestring
f closefile

Cheers,
Brian.

-----Original Message-----
From: Paul Jakma [mailto:paulj at alphyra.ie]
Sent: 10 July 2001 13:46
To: Foley, Brian (Galway)
Cc: ilug at linux.ie
Subject: RE: [ILUG] unix mail script virus hole long before windows?

[snip]

however, less reassuring, from the same post, is that in PS operators
can be created from other strings. so it would seem to be nearly
impossible to secure PS just by scanning the inputted PS, the
interpreter would have to check constantly while 'running' the PS
script.

wonder whether ghostscript has been refined further security wise
since the above 1994 RISKS digest? ...

what's the postscript for:

echo "you've been postscripted" >> ~/i_could_have_deleted_all_your_files

??

'd love to send to a few people....

--paulj