Full Disclosure mailing list archives
PostScript security research
From: Paul Sebastian Ziegler <psz () observed de>
Date: Sat, 03 Mar 2007 20:06:46 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I'm currently coming across a lot of PostScript documents. And I realize that most people consider them as "pictures" and thus plainly open them. This is why I thought about testing it's security and possibly creating some PoC to raise awareness. During my research I found that PostScript has the possibility to open and manipulate files. Now that's a good start. :) Also this project here proves that it must somehow be possible to "bind" to a port: http://public.planetmirror.com/pub/pshttpd/ (Still researching this one...) However google hasn't been particularly helpful when it came to the following questions: 1) Has anybody researched this before (no need to crash open doors) 2) Is PostScript capable of using the system()-call or something similar? Does anybody know about this? Thanks in advance Paul -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF6cdGaHrXRd80sY8RCsj6AKCT9KwwH/+GCw/td1ZCLN6E4MqF+wCgixu5 fnqrvlvr37O36zEeBfD3BJA= =/lno -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- PostScript security research Paul Sebastian Ziegler (Mar 03)
- Re: PostScript security research Valdis . Kletnieks (Mar 04)
- <Possible follow-ups>
- Re: PostScript security research Ulf Harnhammar (Mar 03)