NeXTStep with its DisplayPostScript based WindowServer was an amazing playground for these kinds of shenanigans. Perhaps the most extreme was "Project Akira", a fully functioning NFS server you could launch by opening an EPS file. ( <a href="http://www.wizards.de/~frank/franksprojects.html" rel="nofollow">http://www.wizards.de/~frank/franksprojects.html</a> )<p>Slightly less malicious were a whole bunch of EPS files that would play havoc with your screen: "gravity", which would make all your windows drop to the bottom of the screen, "black hole", etc.<p>Fun times.<p>Maybe I should release my Postscript tools for OS X?
PostScript is Turing complete. So this is not a long shot at all; in fact, since most people consider documents safe, it's a very exploitable attack vector.<p>PDFs also allow arbitrary code execution, which is not a new result.<p>Here's an older Hacker News discussion about the subject: <a href="https://news.ycombinator.com/item?id=4910113" rel="nofollow">https://news.ycombinator.com/item?id=4910113</a>
Any references to best coding practice for PS? For example is there a PS lint? (will start hunting for this)<p>update 1: latex <a href="http://www.latex-project.org" rel="nofollow">http://www.latex-project.org</a> and <a href="http://tex.stackexchange.com/questions/12668/where-do-i-start-latex-programming" rel="nofollow">http://tex.stackexchange.com/questions/12668/where-do-i-star...</a><p>update 0:
so open tools for postscript appear to be really interfacing AGPL ghostscript (postscript) api if you can handle the ^agpl^ restrictions ~ <a href="https://en.wikipedia.org/wiki/Ghostscript" rel="nofollow">https://en.wikipedia.org/wiki/Ghostscript</a>
I've always wanted to trick someone into sending this to the printer:<p><pre><code> %!
initgraphics clippath fill
{ copypage } loop
</code></pre>
Please don't do this! It'll run you out of toner and paper as fast as possible.<p>I'm just surprised I haven't seen more things like this, especially back in the days when postscript was popular.
Had to write postscript for "introduction into stack-based programming" at university.<p>We chose to make complex cycloid "animations". We controlled the "animation"-speed by using helper routines that slowed down the postscript-viewer by painting nonsense white on white.<p>Downside of this was that it crashed printers and macOS Preview.<p>And the professor actually wanted us to write a parser or something else that could use a stack, but we were pretty satisfied with ourselves.
Some time ago Tavis Ormandy found a bunch of bugs in Ghostscript's sandbox, which would allow arbitrary code execution:<p><a href="http://www.openwall.com/lists/oss-security/2016/10/05/7" rel="nofollow">http://www.openwall.com/lists/oss-security/2016/10/05/7</a><p>Hopefully these bugs are all fixed now, but I wouldn't be surprised if there was more to be found.
After seeing this post[1] of a postscript file, I was wondering if there was any way it could harm my computer, paranoid you could say. Apparently I need to watch out for postscript viewers that allow writing to files. Are there any that allow file writing by default?<p>[1] <a href="https://news.ycombinator.com/item?id=13678251" rel="nofollow">https://news.ycombinator.com/item?id=13678251</a>
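Added example, not part of the thread or any commenter's code: a static triage pass in Python that lists the file-system operators a PostScript file names, which bears on the question above about viewers that allow file writing. The names `ps_names`, `triage` and `SAMPLE` are constructed here; the operator names come from the PostScript Language Reference, and the scan is a heuristic, since code assembled at run time is only flagged, not resolved.

```python
# PostScript Language Reference operators that reach the file system.
FILE_OPS = {"file", "deletefile", "renamefile", "filenameforall", "run"}
# These build or execute code at run time, so a static scan cannot see through them.
DYNAMIC_OPS = {"cvx", "cvn", "exec"}
DELIMS = "()<>[]{}/%"

def ps_names(src):
    """Yield (line, name) for each name token outside comments and strings."""
    i, n = 0, len(src)
    while i < n:
        c = src[i]
        if c == "%":                          # comment: runs to end of line
            while i < n and src[i] not in "\r\n":
                i += 1
        elif c == "(":                        # string: nested parens, \ escapes
            depth, i = 1, i + 1
            while i < n and depth:
                if src[i] == "\\":
                    i += 1                    # skip the escaped character
                elif src[i] == "(":
                    depth += 1
                elif src[i] == ")":
                    depth -= 1
                i += 1
        elif src.startswith("<<", i):         # dictionary open, not a string
            i += 2
        elif c == "<":                        # hex (<..>) or ASCII85 (<~..~>) string
            close = "~>" if src.startswith("<~", i) else ">"
            end = src.find(close, i)
            i = n if end < 0 else end + len(close)
        elif c in DELIMS or c.isspace():
            i += 1
        else:                                 # a name (or number) token
            start = i
            while i < n and not src[i].isspace() and src[i] not in DELIMS:
                i += 1
            yield src.count("\n", 0, start) + 1, src[start:i]

def triage(src):
    """Group flagged names by category; literal names such as /run are flagged too."""
    report = {"file_ops": [], "dynamic": []}
    for line, name in ps_names(src):
        kind = "file_ops" if name in FILE_OPS else "dynamic" if name in DYNAMIC_OPS else None
        if kind:
            report[kind].append((line, name))
    return report
# Constructed sample input, not taken from the thread.
SAMPLE = ("%!PS\n% file and run in a comment\n(deletefile in a string) pop\n"
          "(notes.txt) (w) file closefile\n(lib.ps) run\n(show) cvx exec\nshowpage\n")
```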