Bugtraq mailing list archives
Re: vulnerabilities of postscript printers
From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Sat, 24 Jan 2004 14:32:27 -0700
My god, people attach printers to networks! Postscript is Turing Complete!Blah blah - you can't open files...Sure you can, RTFM...Who cares? if it's a network attached printer there's some sort of IP stack in there speaking lpr, and some semblance of an operating system. It's a computer. It has network interfaces, the software is certainly full of bugs and sucks, like most other software. It's probably exploitable. Why would you treat this device any differently than any other network attachable device on your secured network?
I concur. When is the entire security community going to start realizing that - statistics keep showing there is approximately 1 bug in ever 50-200 lines of code - these bugs fall into classes of "programmer error", like heap object overflow, stack object overflow, range check failure, input mismanagement, race, ... - for certain classes, nearly EVERY occurance is exploitable, for instance, nearly all stack object overflows are exploitable - I am going to estimate that a typical postscript rom is, what, 2MB of code, probably is generated from about 100,000 lines of code.. are we getting the picture? Hence, I assume that if something has not been specifically audited by a person who is allowed to and capable of "cleaning the code to make it paranoid" as they audit, that code will have bugs. What stuns me is that someone would even need to ask the question of "is a postscript printer secure", and that numerous people would get lost in the rats nest of discussing what the postscript langauge is capable of. I would bet that most of the security holes in a printer would be due to crappy low level bugs. If I can't read the code to confirm that it is crap, I assume that it is crap. And I bet there are people actively exploiting printer firmware..
Current thread:
- Re: vulnerabilities of postscript printers, (continued)
- Re: vulnerabilities of postscript printers Glynn Clements (Jan 24)
- Re: vulnerabilities of postscript printers Nate Eldredge (Jan 24)
- Re: vulnerabilities of postscript printers der Mouse (Jan 23)
- Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 24)
- Re: vulnerabilities of postscript printers der Mouse (Jan 24)
- Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 24)
- Re: vulnerabilities of postscript printers der Mouse (Jan 24)
- Re: vulnerabilities of postscript printers Michael Zimmermann (Jan 24)
- Re: vulnerabilities of postscript printers Ian Farquhar - Network Security Group (Jan 27)
- Re: vulnerabilities of postscript printers Theo de Raadt (Jan 24)