Mobile Code

• PostScript - Issues

  • One of the options available within PostScript is file IO. This allows a PostScript document, when run within an interpreter that does not place restrictions upon the scripts actions, to read or write users files.
    • This could be used in an attack where a users .rhosts file is overwritten with the “+ +” that we talk about so often.
  • Many interpreters will offer some level of security and not allow this access. (Very similar to the Java sandbox model)

Previous slide

Next slide

Back to first slide

View graphic version