Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!zaphod.mps.ohio-state.edu!sdd.hp.com!decwrl!parc!mdixon
From: mdixon@parc.xerox.com (Mike Dixon)
Newsgroups: comp.sys.next
Subject: Re: "file" operator disabled on NeXT 2.0
Message-ID: <mdixon.664489442@owl>
Date: 21 Jan 91 20:24:02 GMT
References: <4900@media-lab.MEDIA.MIT.EDU> <2177@autodesk.COM>
Sender: news@parc.xerox.com
Organization: Xerox PARC
Lines: 16


    >	If you can open up a file for writing from within postscript,
    >then I could send you a piece of postscript in a mail message that
    >would open up your ".login" or ".cshrc" files for writing and write
    >the following command:

    >	/bin/rm -rf ~

    So what? I can send you a piece of C code to do the same. Why is this
    more dangerous inyour view?

because the mail reader doesn't automatically execute pieces of c code
that it finds in messages.  if you've decided to use postscript as
your standard for sending graphics around, you need to assume that
people will execute it without reading it first, and take appropriate
precautions.