Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cs.utexas.edu!samsung!usc!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: woody@rpp386.cactus.org (Woodrow Baker)
Newsgroups: comp.virus
Subject: Re: Shrink Wrap...still safe?
Message-ID: <0012.9001151235.AA07390@ge.sei.cmu.edu>
Date: 14 Jan 90 01:45:42 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 18
Approved: krvw@sei.cmu.edu

I applogize for posting this here, but my mailer would not
let me reply to someone who replied to a message I posted here.
siia!drd:

	Postscript fonts are executable files.  Like any other postscript
program they have file access, and full unfettered access to the system.
They are for the mostparts, encrypted, but the encryption and decryption
algs are known.  A malicious person could create a font program that could
when run, delete all files off the hard disk, or more viciously, subtly
alter existing fonts from say Adobe, or some other font company.  They
could be altered to do more than just print funny.  They could clear the
page, print messages over pages, corrupt the filesystem (very easy to do
by the way, and in general create all manner of havoc.

The posiblilty is very real.

Cheers
Woody