[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape Logic Bomb detailed by IETF



Perry E. Metzger writes:
>[email protected] writes:
>> Clearly, someone has a vested interest which they are expending a 
>> great deal of effort to protect.  My email to Netscape detailing their 
>> logic bomb has gone unanswered, and unacknowledged for ten days now.
>
>Maybe because you're an idiot and they don't feel that its necessary
>to answer. What more need be said?

I see that Perry is as charming as ever?

Perry, I just don't think that it is wise to stick your head in the sand
and ignore a severe flaw in your algorithm, while actively misrepresenting
matters to those people who are not intimately familiar with the IETF. 

>Those of us who care run our postscript interpreters with all the
>dangerous commands stripped out, 

Perry, I'll call you on that one, cause you simply can't do it.  

Postscript isn't like any other language around.  Operator names have no
special significance to the interpreter.  You can't just "strip out" 
dangerous commands.  They aren't "reserved" in the sense that operator
names are in other languages, like COBOL or BASIC. 

In Postscript, operator names are simply keys into a LIFO dictionary. 
This makes Postscript different from other languages because you could
redefine these names if you wanted to.  Stripping something from a
dictionary doesn't matter because, the search sequence is top down.  

If I rewrite an operator name, and put it at the top of the stack, there's
not anything you can do.  

Gee's Perry, even if you haven't stripped something out, I can rewrite it. 
And the interpreter will find the rewritten version before the version
that's in your machine. 

And before someone attacks me for an inelegant "style" these potentially
confusing antics are routinely used under extraordinary circumstances.
There's no malice involved at all, simply real-world operation. 

And this is why the Request-For-Comments from the IETF warns:

   "Postscript is an extensible language, and many, if not most, 
    implementations of it provide their own extensions.  This document
    does not deal with such extensions explicitly since they constitute
    an unknown factor ..."

Is that clearer??  If you thought that you had "safety" cause you stripped
your interpreter, then you're in trouble, cause that doesn't work. 

> but given that Netscape doesn't supply postscript interpreters, its not 
> really their fault or problem.

Well, that line might work on those who don't know any better, but that's
also why the Internet Engineering Task Force (IETF) tries to protect the 
public by suggesting that implementors like Netscape not pass the ball:

    "The execution of general-purpose PostScript interpreters entails
     serious security risks, and implementors are discouraged from simply
     sending PostScript email bodies to "off-the-shelf" interpreters."

Netscape ignores this suggestion.  

I guess that Netscape simply knows more (or cares less??) than the entire
collected wisdom of the International contributors who make up the IETF. 

Gee, there's lotsa wisdom over there at Netscape.




Alice de 'nonymous ...

                                  ...just another one of those...


P.S.  This post is in the public domain.
                  C.  S.  U.  M.  O.  C.  L.  U.  N.  E.