Bugtraq mailing list archives
Re: Guidelines for cgi-bin scripts
From: juphoff () tarsier cv nrao edu (Jeff Uphoff)
Date: Sat, 19 Aug 1995 00:55:21 -0400
From a slightly aged thread (over a week since last post):

"CW" == Christian Wettergren <cwe () Csli Stanford EDU> writes:

CW> | > For example, if someone gave you a cgi-bin script and asked you
CW> | > to tell them if it was going to cause any security holes, what
CW> | > would you look for?

CW> (The newest versions of xv (3.10, I believe) actually execute
CW> postscript files without the -SAFER switch. So by sending a
CW> postscript file from a web-server but specifying it as an image/tiff
CW> or whatever, you are actually able to do nasty things.)

The "safe" options don't really make the execution of the common
Postscript interpreters safer. (I'm assuming that you're referring to
'ghostscript', and its 'ghostview' cousin, here.)

There is a way to open and write to files using embedded Postscript
commands--even when the "safe" mode that is supposed to prevent
file-writes is utilized. I have some example Postscript code that
exploits this (Olaf Kirch wrote it).

There is no fix out as yet (that I'm aware of), and anyone that views
Postscript files (that they of course may not know are Postscript ahead
of time) via something like a Web browser *still* runs the risk of
getting an unwanted present on their machine--even when running the
Postscript interpreter in "safe" mode.

--Up.

--
Jeff Uphoff - systems/network admin.  |  juphoff () nrao edu
National Radio Astronomy Observatory  |  jeff.uphoff () linux org
Charlottesville, VA, USA              |  http://linux.nrao.edu/~juphoff/
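
The message above describes a body served as image/tiff that is really PostScript, so a viewer ends up starting an interpreter. As an added example (not part of the original post, and not code from xv or ghostscript), the Python below compares a download's leading bytes with its declared Content-Type before any viewer is started; the function names, the verdict strings and the sample bytes in the comments are constructed for illustration.

```python
# Added example: sniff the first bytes of a download and compare them with
# the declared Content-Type, so PostScript is never handed to an image viewer.

# Well-known leading-byte signatures for a few image types.
IMAGE_MAGIC = {
    "image/tiff": (b"II*\x00", b"MM\x00*"),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
}
PS_LEADERS = (b"%!", b"\xc5\xd0\xd3\xc6")  # text PostScript, DOS EPS binary header
UEL = b"\x1b%-12345X"                      # printer-job prefix some drivers emit


def looks_like_postscript(data: bytes) -> bool:
    """True if the body starts like PostScript, ignoring common leading junk."""
    head = data[:512]
    if head.startswith(b"\xef\xbb\xbf"):       # UTF-8 byte-order mark
        head = head[3:]
    if head.startswith(UEL):                   # skip the PJL job header lines
        head = head[len(UEL):]
        while head.startswith(b"@PJL"):
            head = head.partition(b"\n")[2]
    head = head.lstrip(b" \t\r\n\x04")         # whitespace and Ctrl-D
    return head.startswith(PS_LEADERS)


def check_download(content_type: str, data: bytes) -> str:
    """Return 'postscript', 'ok', 'mismatch' or 'unchecked' (constructed verdicts)."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if looks_like_postscript(data):
        # Reported whatever the label says; the caller decides whether any
        # interpreter may run, since "safe" mode is not treated as a boundary.
        return "postscript"
    signatures = IMAGE_MAGIC.get(media_type)
    if signatures is None:
        return "unchecked"
    return "ok" if data.startswith(signatures) else "mismatch"


if __name__ == "__main__":
    # Constructed sample: a harmless PostScript body labelled as a TIFF image.
    print(check_download("image/tiff", b"%!PS-Adobe-3.0\nshowpage\n"))
```

A caller would open the file in the image viewer only on 'ok' and treat every other verdict as a reason to save the file without rendering it.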