[1333] in bugtraq


Re: MIME question...

daemon@ATHENA.MIT.EDU (r.evans@ic.ac.uk)
Tue Mar 28 08:59:29 1995

From: r.evans@ic.ac.uk
To: bugtraq@fc.net
Date: Tue, 28 Mar 1995 11:22:37 +0100 (BST)
In-Reply-To: <9503271812.AA24509@bradley.bradley.edu> from "Pete Hartman" at Mar 27, 95 12:12:09 pm


>The closest to this I've heard of is also a potential problem with
>some Web Browsers.
>
>If you can invoke a sufficiently sophisticated postscript interpreter
>with an email message or a web graphic, you can embed code to do
>unintended things, since PostScript is a full language.

Ghostscript has an option to tell it not to allow access to any external
files, I believe.

On the same note, has anyone had a close look at 'HotJava' yet from a
security standpoint?  This is yet another Web browser (from Sun).  The
main difference is that it can allow code to be downloaded and executed
locally.  It's currently only available on Solaris 2.[34] for sparc, but
MacOS and W-latter-half-of-decade ports are underway.  There's a security
doc available under the home page <URL:http://java.sun.com/> that suggests
some thought has been paid to security, but it sounds like thin ice to me.

[I know this isn't strictly discussion of a bug, but surely it's relevant
 enough for discussion here?]

Rob


