Re: Mozilla/Firefox "PostScript/default" security problems
On Thursday 08 July 2004 7:18 pm, Reid Priedhorsky wrote:
> Googling and searching the bug database only yielded a vague claim about a
> remote exploit (bug #247585). I also asked over on debian-user and while
> the flurry of replies showed that the removal decision was controversial
> if not unpopular, no one gave any information on the security problems.
> debian-devel has not turned up anything so far either.
Best anyone on debian-user or in #debian up on freenode can tell me
the only one to notice the potential exploit (frankly I worry more about a
meteor hitting the pc) is the one who removed postscript and
who closes wishlists asking it back with wont-fix. Upstream still prints
via postscript/default; for what it's worth.
As I understand it the potential is that postscript as nearly turing-complete
it can potentially run commands on your machine while printing
L337 |-|4><0r Du|)3's web page. Like I said, not all that likely to actually
happen in real life.
But if anyone has more info I too would like to hear it.
If you want postscript back; simply grab the source deb and roll your own;
just edit rules under the debian folder. Delete the '--with-xprint' and
'--disable-postscript' lines and do 'dpkg-buildpackage -rfakeroot'. However
I did give the debs a version number of 99 to keep apt from updating them
until there is a new mozilla version from upstream.
--
How dare the government intervene to stifle innovation in the computer
industry! That's Microsoft's job, dammit!
Reply to: