From: tomw@orac.engr.sgi.com (Tom Weinstein)
To: cypherpunks@toad.com
Message Hash: 3f6de654a2408992810a702e516b7847909c72e3c9ac27dda605d8ecf7f27f71
Message ID: <199510190229.TAA13011@orac.engr.sgi.com>
Reply To: <DGn8F6.50y@sgi.sgi.com>
UTC Datetime: 1995-10-19 02:29:44 UTC
Raw Date: Wed, 18 Oct 95 19:29:44 PDT
From: tomw@orac.engr.sgi.com (Tom Weinstein)
Date: Wed, 18 Oct 95 19:29:44 PDT
To: cypherpunks@toad.com
Subject: Re: Postscript in Netscape
In-Reply-To: <DGn8F6.50y@sgi.sgi.com>
Message-ID: <199510190229.TAA13011@orac.engr.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain
In article <DGn8F6.50y@sgi.sgi.com>, fc@all.net (Dr. Frederick B. Cohen) writes:
> Jeff Weinstein - Electronic Munitions Specialist Wrote:
> ...
>> If a user configures a postscript viewer that has not had the
>> file operations disabled as a helper app to any web browser then
>> they are opening themselves up for a world of hurt. The same is
>> true if they just download the file and run their viewer on it
>> manually. The same is true if they configure /bin/sh as an
>> external viewer.
>>
>> Obviously everyone should heed perry's warnings and emasculate
>> their postscript interpreters before using them to view files
>> of unknown origin.
> WRONG!!! Netscape claims to be "secure" - hence it is Netscape's job to
> be secure - regardless of the user's use of their product. Otherwise,
> the ads should read:
> "Netscape can be used securely by sufficiently knowledgeable
> users who have emasculated their postscript interpreters before
> using them to view files of unknown origin, and who have removed
> all other known, unknown, and/or undisclosed security holes from
> their systems. Otherwise, Netscape is insecure and should not be
> trusted."
If the user sets up a postscript viewer as an external viewer for
postscript files, it's not Netscape's fault if the viewer does something
insecure.
--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw@engr.sgi.com
Return to October 1995
Return to “tomw@orac.engr.sgi.com (Tom Weinstein)”
Unknown thread root