home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: alt.gopher,alt.security,comp.lang.postscript
- Path: news.ans.net!europa.asd.contel.com!uunet!emba-news.uvm.edu!wollman
- From: wollman@UVM.EDU (Garrett Wollman)
- Subject: Re: Gopher PostScript data type would constitute a security hole
- Message-ID: <1992May5.185652.6305@uvm.edu>
- Organization: University of Vermont, EMBA Computer Facility
- References: <92May4.112004edt.53306@watdragon.waterloo.edu> <1992May5.033112.13853@menudo.uh.edu> <1992May5.161126.11521@rice.edu>
- Date: Tue, 5 May 1992 18:56:52 GMT
-
- In article <1992May5.161126.11521@rice.edu> riddle@is.rice.edu (Prentiss Riddle) writes:
- >GhostScript, the GNU PostScript interpreter on which GhostView is
- >based, appears to implement these scary functions, and the author has
- >not been responsive to our request that a "safe" mode be added to
- >GhostScript. Nor have we found an alternative PostScript previewer
- >with a "safe" mode.
-
- There already *is* one. Observe:
-
-
-
- wollman@sal(25)$ touch foo.c
- wollman@sal(26)$ gs -dWRITESYSTEMDICT
- Initializing... done.
- Ghostscript 2.4.1 (4/21/92)
- Copyright (C) 1990, 1992 Aladdin Enterprises, Menlo Park, CA.
- All rights reserved.
- Distributed by Free Software Foundation, Inc.
- Ghostscript comes with NO WARRANTY: see the file LICENSE for details.
- GS>systemdict begin /deletefile { pop } def end
- GS>(foo.c) deletefile
- GS>wollman@sal(27)$ ls -l foo.c
- -rw-r--r-- 1 wollman csugrads 0 May 5 14:54 foo.c
-
- How's that?
-
- -GAWollman
-
- --
- Garrett A. Wollman = wollman@uvm.edu = UVM is welcome to my opinions
- = uvm-gen!wollman =
- That's what being alive is all about. No deity, no higher goal
- exists, than to bring joy to another person. - Elf Sternberg
-
-
