Bugtraq mailing list archives

Re: Guidelines for cgi-bin scripts


From: juphoff () tarsier cv nrao edu (Jeff Uphoff)
Date: Sat, 19 Aug 1995 00:55:21 -0400


From a slightly aged thread (over a week since last post):

"CW" == Christian Wettergren <cwe () Csli Stanford EDU> writes:

CW> | > For example, if someone gave you a cgi-bin script and asked you
CW> | > to tell them if it was going to cause any security holes, what
CW> | > would you look for?

CW> (The newest versions of xv (3.10, I believe) actually execute
CW> postscript files without the -SAFER switch. So by sending a
CW> postscript file from a web-server but specifying it as an image/tiff
CW> or whatever, you are actually able to do nasty things.)

The "safe" options don't really make the execution of the common
Postscript interpreters safer.  (I'm assuming that you're referring to
'ghostscript', and its 'ghostview' cousin, here).

There is a way to open and write to files using embedded Postscript
commands--even when the "safe" mode that is supposed to prevent
file-writes is utilized.  I have some example Postscript code that
exploits this (Olaf Kirch wrote it).

There is no fix out as yet (that I'm aware of), and anyone that views
Postscript files (that they of course may not know are Postscript ahead
of time) via something like a Web browser *still* runs the risk of
getting an unwanted present on their machine--even when running the
Postscript interpreter in "safe" mode.

--Up.

--
Jeff Uphoff - systems/network admin.  |  juphoff () nrao edu
National Radio Astronomy Observatory  |  jeff.uphoff () linux org
Charlottesville, VA, USA              |  http://linux.nrao.edu/~juphoff/
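
Added example, not part of the original message and not written by either poster: a magic-byte check a defender could run before a browser or mail client hands a download to an external viewer, so that a payload labelled image/tiff whose bytes are really PostScript never reaches an interpreter. The function names and the policy of refusing all PostScript are assumptions, and the sample payloads are constructed.

```python
# Added example: magic-byte check for mislabeled PostScript (hypothetical helper names).
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")   # little- and big-endian TIFF headers
EPS_BINARY_MAGIC = b"\xc5\xd0\xd3\xc6"    # DOS EPS binary wrapper header


def looks_like_postscript(body: bytes) -> bool:
    """True if the payload starts like PostScript/EPS, whatever its label says."""
    if body.startswith(EPS_BINARY_MAGIC):
        return True
    # Some generators prepend Ctrl-D or whitespace before the "%!" marker.
    head = body[:64].lstrip(b"\x04 \t\r\n")
    return head.startswith(b"%!")


def looks_like_tiff(body: bytes) -> bool:
    return body.startswith(TIFF_MAGICS)


def vet_for_viewer(declared_type: str, body: bytes) -> str:
    """Decide whether a payload may be handed to an external viewer.

    Returns "allow", "block-postscript" or "block-mismatch".
    """
    media_type = declared_type.split(";", 1)[0].strip().lower()
    if looks_like_postscript(body):
        # Interpreted content: refuse regardless of what the server claimed
        # (assumed policy, since the post says "safe" mode is not a safeguard).
        return "block-postscript"
    if media_type == "image/tiff" and not looks_like_tiff(body):
        return "block-mismatch"
    return "allow"


# Constructed sample payloads (not real files).
SAMPLES = [
    ("image/tiff", b"II*\x00\x08\x00\x00\x00" + b"\x00" * 16),
    ("image/tiff", b"%!PS-Adobe-3.0\n% constructed, harmless\nshowpage\n"),
    ("image/tiff; q=1", b"\x04%!PS-Adobe-2.0\nshowpage\n"),
    ("image/tiff", b"GIF89a" + b"\x00" * 16),
    ("application/postscript", b"%!PS\nshowpage\n"),
]

if __name__ == "__main__":
    for ctype, payload in SAMPLES:
        print(f"{ctype:<24} {payload[:12]!r:<22} -> {vet_for_viewer(ctype, payload)}")
```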


