[Esa-l]Adobe PDF files can be used as virus carriers (fwd)

Phil Pennock pdp at nl.demon.net
Tue Aug 7 15:36:05 PDT 2001


On 2001-08-07 at 18:29 -0400, Klaus Steden wrote:
> Doesn't this same liability exist for PostScript documents? IIrc, the power of
> PostScript as a language offers the potential to embed various nasty things
> inside PS documents. If so ... what's the typical way to defuse PS bombs?

Tell your postscript/clone renderer to not allow 'unsafe' operations.

man gs(1):
       -dSAFER
              Disables  the  "deletefile" and "renamefile" opera-
              tors and the ability to  open  files  in  any  mode
              other  than  read-only.   This may be desirable for
              spoolers or other sensitive  environments  where  a
              badly  written or malicious PostScript program must
              be prevented from changing important files.

If your invoking program (eg, gv(1)) doesn't already add -dSAFER, add
it.  If you're not using the GNU stuff, consult your documentation.
-- 
Phil Pennock                        <pdp at nl.demon.net> <Phil.Pennock at thus.net>
Demon Internet Nederland -- Network Operations Centre -- Systems Administrator
Libertes philosophica.
NL Sales: +31 20 422 20 00                          NL Support: 0800 33 6666 8



More information about the esd-l mailing list