Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.postscript > #3447
| X-Received | by 2002:a05:620a:4c9:: with SMTP id 9mr27366969qks.235.1568085617288; Mon, 09 Sep 2019 20:20:17 -0700 (PDT) |
|---|---|
| X-Received | by 2002:a37:313:: with SMTP id 19mr27166443qkd.356.1568085617140; Mon, 09 Sep 2019 20:20:17 -0700 (PDT) |
| Path | csiph.com!3.us.feeder.erje.net!feeder.erje.net!news.snarked.org!border2.nntp.dca1.giganews.com!border1.nntp.dca1.giganews.com!nntp.giganews.com!o24no4142929qtl.0!news-out.google.com!c11ni770qtp.0!nntp.google.com!o24no4142927qtl.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail |
| Newsgroups | comp.lang.postscript |
| Date | Mon, 9 Sep 2019 20:20:16 -0700 (PDT) |
| In-Reply-To | <b8cfeca4-846f-4996-97a0-567beba0a7ec@googlegroups.com> |
| Complaints-To | groups-abuse@google.com |
| Injection-Info | glegroupsg2000goo.googlegroups.com; posting-host=24.107.176.41; posting-account=G1KGwgkAAAAyw4z0LxHH0fja6wAbo7Cz |
| NNTP-Posting-Host | 24.107.176.41 |
| References | <76a128e3-b068-4071-9e7c-b32340144cf3@googlegroups.com> <b8cfeca4-846f-4996-97a0-567beba0a7ec@googlegroups.com> |
| User-Agent | G2/1.0 |
| MIME-Version | 1.0 |
| Message-ID | <bee1f452-c660-4deb-b86c-5bc76a608ef6@googlegroups.com> (permalink) |
| Subject | Re: gs 'exploit'? |
| From | luser droog <luser.droog@gmail.com> |
| Injection-Date | Tue, 10 Sep 2019 03:20:17 +0000 |
| Content-Type | text/plain; charset="UTF-8" |
| Lines | 17 |
| Xref | csiph.com comp.lang.postscript:3447 |
Show key headers only | View raw
On Monday, September 9, 2019 at 10:17:20 PM UTC-5, luser droog wrote: > On Monday, September 9, 2019 at 5:02:42 PM UTC-5, luser droog wrote: > > https://gist.github.com/rebirthwyw/d401fc375620d4497cc993045736a168 > > I'm not sure I entirely get it. Are the doubled brackets intended to > "deactivate" the code so it doesn't actually do anything unless modified? > That's the only thing I can think of. > > It appears this can only be used when the pdf device is active. > So if you process to ps2 first and then run the "clean" ps output > to make a pdf, that would completely invalidate the entire approach > here. If this technique is used, there are limits to what can be done. > So the permissions of the 'gs' binary are important. > > YMMV IANASA Screening should be easy. Bona fide documents should never be poking into /.pdf* . Although now thas I say that....sigh
Back to comp.lang.postscript | Previous | Next — Previous in thread | Next in thread | Find similar
gs 'exploit'? luser droog <luser.droog@gmail.com> - 2019-09-09 15:02 -0700
Re: gs 'exploit'? luser droog <luser.droog@gmail.com> - 2019-09-09 20:17 -0700
Re: gs 'exploit'? luser droog <luser.droog@gmail.com> - 2019-09-09 20:20 -0700
Re: gs 'exploit'? ken <ken@spamcop.net> - 2019-09-16 08:12 +0100
Re: gs 'exploit'? luser droog <luser.droog@gmail.com> - 2019-09-17 12:22 -0700
Re: gs 'exploit'? ken <ken@spamcop.net> - 2019-09-18 15:19 +0100
Re: gs 'exploit'? luser droog <luser.droog@gmail.com> - 2019-10-13 02:14 -0700
csiph-web