mailing list archives
PostScript security research
From: Paul Sebastian Ziegler <psz () observed de>
Date: Sat, 03 Mar 2007 20:06:46 +0100
-----BEGIN PGP SIGNED MESSAGE-----
I'm currently coming across a lot of PostScript documents. And I realize
that most people consider them as "pictures" and thus plainly open them.
This is why I thought about testing it's security and possibly creating
some PoC to raise awareness.
During my research I found that PostScript has the possibility to open
and manipulate files. Now that's a good start. :)
Also this project here proves that it must somehow be possible to "bind"
to a port: http://public.planetmirror.com/pub/pshttpd/
(Still researching this one...)
However google hasn't been particularly helpful when it came to the
1) Has anybody researched this before (no need to crash open doors)
2) Is PostScript capable of using the system()-call or something similar?
Does anybody know about this?
Thanks in advance
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- PostScript security research Paul Sebastian Ziegler (Mar 03)