[2147] in bugtraq
Re: Guidelines for cgi-bin scripts
daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Sat Aug 19 21:14:25 1995
Date: Sat, 19 Aug 1995 00:55:21 -0400
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of Wed, August 9, 1995 00:44:01 -0700

From a slightly aged thread (over a week since last post):

"CW" == Christian Wettergren <cwe@Csli.Stanford.EDU> writes:

CW> | > For example, if someone gave you a cgi-bin script and asked you
CW> | > to tell them if it was going to cause any security holes, what
CW> | > would you look for?

CW> (The newest versions of xv (3.10, I believe) actually execute
CW> postscript files without the -SAFER switch. So by sending a
CW> postscript file from a web-server but specifying it as an image/tiff
CW> or whatever, you are actually able to do nasty things.)

The "safe" options don't really make the execution of the common
Postscript interpreters safer. (I'm assuming that you're referring to
'ghostscript', and its 'ghostview' cousin, here).

There is a way to open and write to files using embedded Postscript
commands--even when the "safe" mode that is supposed to prevent
file-writes is utilized. I have some example Postscript code that
exploits this (Olaf Kirch wrote it).

There is no fix out as yet (that I'm aware of), and anyone that views
Postscript files (that they of course may not know are Postscript ahead
of time) via something like a Web browser *still* runs the risk of
getting an unwanted present on their machine--even when running the
Postscript interpreter in "safe" mode.

--Up.
--
Jeff Uphoff - systems/network admin. | juphoff@nrao.edu
National Radio Astronomy Observatory | jeff.uphoff@linux.org
Charlottesville, VA, USA | http://linux.nrao.edu/~juphoff/
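
The mislabelling described in the message (PostScript served as image/tiff) can be caught before a viewer is launched by comparing the file's leading bytes with its declared type. The following is an added example, not part of the original message; the function names, the allowlist of image types and the sample bytes are assumptions made for illustration.

```python
# Added example (not from the original message): compare a download's leading
# bytes with its declared MIME type before any helper application is launched.

# Signatures for the image types this sketch accepts (an assumed allowlist).
IMAGE_MAGIC = {
    "image/tiff": (b"II*\x00", b"MM\x00*"),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
}
# PostScript openers: plain "%!", Ctrl-D prefixed "%!", and the DOS EPS binary header.
POSTSCRIPT_MAGIC = (b"%!", b"\x04%!", b"\xc5\xd0\xd3\xc6")


def looks_like_postscript(data: bytes) -> bool:
    # Leading whitespace is skipped so a padded file is still recognised.
    return data.lstrip(b" \t\r\n").startswith(POSTSCRIPT_MAGIC)


def check_download(declared_type: str, data: bytes):
    """Return (allowed, reason) for handing `data` to a viewer automatically."""
    mime = declared_type.split(";", 1)[0].strip().lower()
    if looks_like_postscript(data):
        # Refused under any label: the message reports that "safe" mode does
        # not stop file writes, so PostScript is never auto-viewed here.
        return False, f"PostScript content (declared as {mime})"
    magic = IMAGE_MAGIC.get(mime)
    if magic is None:
        return False, f"no signature rule for {mime}"  # fail closed
    if not data.startswith(magic):
        return False, f"content does not match {mime}"
    return True, "signature matches declared type"


# Constructed samples: a harmless comment-only PostScript file and a TIFF header.
SAMPLE_PS = b"%!PS-Adobe-3.0\n% constructed sample, contains no operators\n"
SAMPLE_TIFF = b"II*\x00\x08\x00\x00\x00"

if __name__ == "__main__":
    for label, body in [("image/tiff", SAMPLE_PS), ("image/tiff", SAMPLE_TIFF),
                        ("application/postscript", SAMPLE_PS)]:
        print(label, check_download(label, body))
```

A signature check only decides whether a file may be opened automatically; it does not make the interpreter itself any safer for files a user chooses to open.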