[Esa-l]Adobe PDF files can be used as virus carriers (fwd)
Brett Glass
brett at lariat.org
Tue Aug 7 18:02:26 PDT 2001
At 04:36 PM 8/7/2001, Phil Pennock wrote:
>man gs(1):
> -dSAFER
> Disables the "deletefile" and "renamefile" opera-
> tors and the ability to open files in any mode
> other than read-only. This may be desirable for
> spoolers or other sensitive environments where a
> badly written or malicious PostScript program must
> be prevented from changing important files.
Will it allow programs to be EXECUTED, though? On many OSes,
one can execute anything one can read; that is, the permissions
are not separate. And if the program is a script, read permission
may be all that's necessary, because the script is really just
"data" for the interpreter.
--Brett
P.S. -- We don't use GhostScript, because it's one of the few products
out there which has a license that's MORE onerous than the GPL. Viral...
nasty... bleagh.
More information about the esd-l
mailing list