Bugtraq mailing list archives

Re: MIME question...


From: cwe () it kth se (Christian Wettergren)
Date: Wed, 29 Mar 95 11:05:12 +0200


| | The closest to this I've heard of is also a potential problem with
| | some Web Browsers.
| |
| | If you can invoke a sufficiently sophisticated postscript interpreter
| | with an email message or a web graphic, you can embed code to do
| | unintended things, since PostScript is a full language.
| Indeed which is why you should set the flags for Ghostscript to not process
| file and other security threatening commands.
| I presume other postscript viewers have at least the functionality of 
| ghostscript :-)
| 
| The same is true of all documents which include scripting components.
| Which I guess will be the next generation of word processors from major 
| vendors.

Many data formats incorporate "execution" features. One should actually
look thoroughly at each and every one of them, because they lurk everywhere.
And there are non-obvious interactions between the viewers and MIME that
can get you quite badly. 

Most viewers used by MIME weren't written with security in mind, since they
were assumed to be used by one user. "Why on earth should one write a
dvi-viewer that doesn't execute commands? The user I'm trying to protect is
the same guy who provided the data, isn't that so?" (dvips has a builtin
{\special("'...")} mode that executes the thing contained in the string.)

Now MIME all changed that so that we now receive data from many different 
entities. The security model and the requirements on the viewers suddenly
changed drastically. 

The only problem I see with MIME specifically is that it is so easy to 
add yet-another viewer. It is almost impossible to withstand the pleas
from the users to add the latest MPEG-2 audio player to mime.types or
mailcap. "They can add it themselves anyway."

And now to my contribution to full disclosure: viewers sometimes change 
between versions. Someone pointed out to me that 'xv 3.10' now executes
Postscript code, but not in the "safe mode". It does execute the file
operations without complaint. This is _probably_ not a problem, since
xv usually isn't specified as the viewer for Postscript, but one should
be aware of it.

/Christian Wettergren, cwe () it kth se
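An added example, not part of Christian's message or of any tool named in the thread: a small mailcap auditor that flags the two entry types the discussion warns about, a PostScript interpreter invoked without its safe-mode switch (assumed here to be Ghostscript's real -dSAFER option) and application/postscript handed to a viewer such as xv that is not known to restrict file operators. The mailcap text is constructed for the example.

```python
"""Audit mailcap entries for viewers that may execute code embedded in data."""
import re

# Constructed sample mailcap file (not a real system file).
SAMPLE_MAILCAP = """\
application/postscript; gs -q -dNOPAUSE -dBATCH %s
application/postscript; gs -q -dSAFER -dNOPAUSE -dBATCH %s; \\
    description=Ghostscript in safe mode
application/postscript; xv %s; test=test -n "$DISPLAY"
image/gif; xv %s
application/x-dvi; xdvi %s
audio/mpeg; mpg123 %s
"""

# Interpreters that run a full language from the data, with the switch that
# disables file operators.  Assumed: gs honours -dSAFER (a real Ghostscript flag).
RISKY_INTERPRETERS = {"gs": "-dSAFER", "ghostscript": "-dSAFER"}


def parse_mailcap(text):
    """Return (mimetype, command, {field: value}) for each mailcap entry."""
    entries = []
    logical = re.sub(r"\\\n\s*", " ", text)  # join backslash-continued lines
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(";")]
        if len(parts) < 2:
            continue  # a mailcap entry needs at least type and command
        fields = {}
        for field in parts[2:]:
            key, _, value = field.partition("=")
            fields[key.strip()] = value.strip()
        entries.append((parts[0].lower(), parts[1], fields))
    return entries


def audit(text):
    """Return (mimetype, command, reason) for entries that look unsafe."""
    findings = []
    for mtype, cmd, _ in parse_mailcap(text):
        prog = cmd.split()[0].rsplit("/", 1)[-1]  # basename of the viewer
        safe_flag = RISKY_INTERPRETERS.get(prog)
        if safe_flag and safe_flag not in cmd.split():
            findings.append((mtype, cmd, f"{prog} invoked without {safe_flag}"))
        elif mtype == "application/postscript" and prog not in RISKY_INTERPRETERS:
            findings.append((mtype, cmd, f"PostScript handed to {prog}; verify it "
                                         "refuses file operators"))
    return findings


if __name__ == "__main__":
    for mtype, cmd, reason in audit(SAMPLE_MAILCAP):
        print(f"{mtype}: {cmd!r}: {reason}")
```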