Postscript in Netscape
Dr. Frederick B. Cohen
fc at all.net
Wed Oct 18 04:59:14 PDT 1995
Jeff Weinstein - Electronic Munitions Specialist Wrote:
...
> If a user configures a postscript viewer that has not had the
> file operations disabled as a helper app to any web browser then
> they are opening themselves up for a world of hurt. The same is
> true if they just download the file and run their viewer on it
> manually. The same is true if they configure /bin/sh as an
> external viewer.
>
> Obviously everyone should heed perry's warnings and emasculate
> their postscript interpreters before using them to view files
> of unknown origin.
WRONG!!! Netscape claims to be "secure" - hence it is Netscape's job to
be secure - regardless of the user's use of their product. Otherwise,
the ads should read:
"Netscape can be used securely by sufficiently knowledgeable
users who have emasculated their postscript interpreters before
using them to view files of unknown origin, and who have removed
all other known, unknown, and/or undisclosed security holes from
their systems. Otherwise, Netscape is insecure and should not be
trusted."
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
More information about the cypherpunks-legacy
mailing list