[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cite for print-to-postscript exploit in Mozilla?

On 07/09/2004 04:02 PM, Ian Douglas wrote:
> http://www.imc.org/ietf-822/old-archive1/msg01346.html
> 
> Is probably what is being refered to...

Thanks for the link!  (Wow, foreshadowing of virus infections via email
attachments...)

But is there any way in which Mozilla's print-to-postscript is _less_
safe than using gv to open up a random PostScript file found somewhere
on the Internet?  Or are the two equally insecure?  If the latter, then
does it make sense to turn off postscript printing without also removing
gv and other PS viewers from Debian?

I admit this last question is a bit rhetorical.  My point is that, as
sysadmin of a physics cluster running Debian/woody on which people
frequently look at downloaded PS files anyway, I want to know whether it
is really worth my time to upgrade Mozilla [currently running 1.4 from
Adrian Bunk's backports], install Xprint from unstable, and go through
the apparently non-trivial task of getting it to work well.

By the way, is PDF also Turing-complete with the accompanying security
issues?

regards,

-- 
Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG public key ID: 4F83C751                 Princeton, NJ 08544
Reply to: