Re: Mozilla/Firefox "PostScript/default" security problems

To: debian-security@lists.debian.org, debian-devel@lists.debian.org, debian-user@lists.debian.org
Subject: Re: Mozilla/Firefox "PostScript/default" security problems
From: Don Armstrong <don@donarmstrong.com>
Date: Sat, 10 Jul 2004 12:55:08 -0700
Message-id: <[🔎] 20040710195508.GD2320@xieana.donarmstrong.com>
Mail-followup-to: debian-security@lists.debian.org, debian-devel@lists.debian.org, debian-user@lists.debian.org
In-reply-to: <[🔎] 20040710152605.05a8d8bc.mba2000@ioplex.com>
References: <[🔎] pan.2004.07.09.00.18.08.303675@reidster.net> <[🔎] 200407091838.49554.bmsims1@insightbb.com> <[🔎] 20040710094708.GI24321@vnl.com> <[🔎] 20040710104718.GD3930@chello.nl> <[🔎] 1089472742.8346.7.camel@duke.gregfolkert.net> <[🔎] 20040710152605.05a8d8bc.mba2000@ioplex.com>

On Sat, 10 Jul 2004, Michael B Allen wrote:
> My impression was that the PostScript generator had the security
> issue

Can someone please state, for the record, definitively and precisely
what this "security issue" is?

The fact that PS is a turing complete language isn't a security issue,
beyond the fact that you shouldn't blindly execute untrusted PS. (Just
like you shouldn't blindly execute make files, or C code, or perl
scripts...)

Perhaps I've missed something, but everything that I've read in the
threads so far amounts to people either assuming that there's an issue
and not defining it, or attempting to figure out where the issue is.

Don Armstrong

-- 
Personally, I think my choice in the mostest-superlative-computer wars
has to be the HP-48 series of calculators.  They'll run almost
anything.  And if they can't, while I'll just plug a Linux box into
the serial port and load up the HP-48 VT-100 emulator.
 -- Jeff Dege, jdege@winternet.com

http://www.donarmstrong.com
http://rzlab.ucr.edu

Reply to:

Follow-Ups:
- Re: Mozilla/Firefox "PostScript/default" security problems
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Mozilla/Firefox "PostScript/default" security problems
  - From: Reid Priedhorsky <reid@reidster.net>
- Re: Mozilla/Firefox "PostScript/default" security problems
  - From: Brad Sims <bmsims1@insightbb.com>
- Re: Mozilla/Firefox "PostScript/default" security problems
  - From: Dale Amon <amon@vnl.com>
- Re: Mozilla/Firefox "PostScript/default" security problems
  - From: Magnus Therning <magnus@therning.org>
- Re: Mozilla/Firefox "PostScript/default" security problems
  - From: Greg Folkert <greg@gregfolkert.net>
- Re: Mozilla/Firefox "PostScript/default" security problems
  - From: Michael B Allen <mba2000@ioplex.com>

Prev by Date: Re: Mozilla/Firefox "PostScript/default" security problems
Next by Date: Re: Mozilla/Firefox "PostScript/default" security problems
Previous by thread: Re: Mozilla/Firefox "PostScript/default" security problems
Next by thread: Re: Mozilla/Firefox "PostScript/default" security problems
Index(es):
- Date
- Thread