Re: vulnerabilities of postscript printers

[Georg Lutz <glist () gmx net>]

On 2004-01-24, Glynn Clements wrote:
> PostScript has the ability to read/write named files, and nothing
> prohibits an implementation from making peripheral devices or ports
> accessible as named files. E.g. using GhostScript on Linux, the
> following trivial PostScript program sends a WAV file (or the first
> 20kb thereof) to the sound card:
>
>       (/dev/dsp) (w) file dup
>       (foo.wav) (r) file
>       20000 string readstring pop
>       writestring flushfile
>
> [The -dSAFER switch disables file access, and should be used when
> running gs on "untrusted" PostScript files.]

Does this mean, that a Postscript-file is not safer than a MS Word
document?

Shouldnt -dSAFER be then the default option? Or breaks this something
else?

-- 
Georg