[Esa-l]Adobe PDF files can be used as virus carriers (fwd)
Phil Pennock
pdp at nl.demon.net
Tue Aug 7 15:36:05 PDT 2001
On 2001-08-07 at 18:29 -0400, Klaus Steden wrote:
> Doesn't this same liability exist for PostScript documents? IIrc, the power of
> PostScript as a language offers the potential to embed various nasty things
> inside PS documents. If so ... what's the typical way to defuse PS bombs?
Tell your postscript/clone renderer to not allow 'unsafe' operations.
man gs(1):
-dSAFER
Disables the "deletefile" and "renamefile" opera-
tors and the ability to open files in any mode
other than read-only. This may be desirable for
spoolers or other sensitive environments where a
badly written or malicious PostScript program must
be prevented from changing important files.
If your invoking program (eg, gv(1)) doesn't already add -dSAFER, add
it. If you're not using the GNU stuff, consult your documentation.
--
Phil Pennock <pdp at nl.demon.net> <Phil.Pennock at thus.net>
Demon Internet Nederland -- Network Operations Centre -- Systems Administrator
Libertes philosophica.
NL Sales: +31 20 422 20 00 NL Support: 0800 33 6666 8
More information about the esd-l
mailing list