Re: Re: vulnerabilities of postscript printers

[Darren Reed <avalon () caligula anu edu au>]

To put my comments in perspective, I immersed myself in postscript at a
time when "level 2" was new and there it not really documented.

In some mail from Michael Zimmermann, sie said:
> At Freitag, 23. Januar 2004 06:01 Darren Reed wrote:
> > First, remember that postscript has been designed for rendering images
> > on a page.  It has -no- native networking comands nor ability to talk
> > to any peripheral.
>
> This statement is misleading. PostScript allows reading and writing of files
> for example, if the printer has a disk installed (and some have -- to store 
> jobs, fonts, forms and of course system-software). It should also be noted, 
> that a PostScript printer establishes a two-way communication with the 
> driver. This stdin and stderr files can be access by the user programm
> (i.e. by the print-job transmitted to the printer).
> Using a special "print"-driver gives me a user "shell" for an apple
> and an egg. Every driver writer for PostScript printer knows that,
> it's part of the PostScript bibles (I think, in the third book).

Yup and stdout & stderr are very useful.  Lets you find out, easily,
how many pages were printed.  Also allows "interactive".  But this
is all "so-what" type material...

> Often the system-level is only a password away (if the administrator
> has set it at all, which I doubt). Hence a null password or the factory 
> default would be a good guess. And I have seen the only possible
> password type to be an <integer>. Brute force at night with an
> automatic script running on my PC should not be too difficult.

See here you've taken a step I don't believe possible - with postscript.
For reference I downloaded the blue book and read through there operator
summary last night and there is no "password" or "login" in postscript.
Often postscript printers have a telnet facility if they have a network
card but that's quite separate, I believe.  Kind of like how such
printers will usually also do SNMP and/or appletalk and/or whatever other
networking stuff has been put in them.

> The network communication is part of the system-level, and this
> is usually also partly written in PostScript, but at least accessible
> from the PostScript level.

And you have an example of this ?

For it to be accessible via postscript, I imagine it might take
some special filename...

All that said and done, there's still no replacing a postscript printer
for printing quality, IMHO :)

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html