Bugtraq mailing list archives

Re: vulnerabilities of postscript printers


From: Michael Zimmermann <zim () vegaa de>
Date: Sat, 24 Jan 2004 01:41:29 +0100

On Friday, 23 January 2004 05:15, der Mouse wrote:
[about reading arbitrary memory locations with PostScript]
... such a thing is unnecessary for normal use

And it is not needed. All print jobs come in as PostScript-readable
files (program plus data) and the software on the printer
which reads and processes it is PostScript on the surface too,
hence at least data-stealing does not need reading or writing
of arbitrary port or memory locations.


[...] not all parallel interfaces are bidirectional in any
meaningful sense [...]

But the parallel interface of the PostScript printer probably is.
Hence it can be used to get data back to the intruder machine.
Or with the modern network interfaces the data exchange
goes over a normal (bidirectional) tcp/ip connection.


it needs to provide the correct value for a 32-bit "password".
(Such things can be set insecurely, certainly, but that's no 
different, really, from having a Unix box with root's password 
set to "root": it's admin error.)

Reminding colleagues of possible admin errors is not too
far-fetched. Especially as the default setup is probably
with the "password" == 0 after each power loss. Just stumbling
over the power cord in the evening -- oops, sorry --
pushing it back into the socket while my PC is waiting to
install my own system software which mimics the
normal one. Who would recognize anything for years?


Of course, implementation bugs are possible, as with anything.  But
exploiting such a thing isn't using PostScript per se.

Come on, der Mouse, according to this logic every Linux exploit 
which is discussed in Bugtraq is "not Linux per se".
And regarding PostScript security it may as well be 
more a design bug than an implementation flaw.

Let's not forget that PostScript is for high-level printers
what Windows is for PCs. Nearly all PS printers run the
Adobe system, don't they? A monoculture par excellence.


Well, I have a PostScript printer, and its biggest problem I know of is
that it has, as far as I can tell, no security on whom it will accept
jobs from, so I have to keep it on the non-routable house subnet.  (I
also leave it turned off most of the time.)

In your case the printer is only part of one network, der Mouse.
That is, you achieve security by positioning it behind a firewall
(or switching it off altogether).
But the original question assumed a printer connected to two
different networks. And it was asked whether one could misuse
the printer to access the other network or steal print jobs.

Also you seem to have physical access to the machine.
What about a printer which is sitting in the copy-room
on the third floor and running day in and day out?

Your case and your arguments are indirect proof for the 
insecurity of the PostScript-printer situation.


Regards
-- 
Michael Zimmermann (Vegaa Safety and Security for Internet Services)
