Re: WWW Security Hole -- Bull!

Keith Moore ([email protected])
Thu, 12 Aug 1993 23:41:44 -0400


To: Marc VanHeyningen <[email protected]>,
[email protected]
Subject: Re: WWW Security Hole -- Bull!
Date: Thu, 12 Aug 93 19:45:33 EDT

> Don't take this wrong (i.e., from the tone of the last two messages), but
> what about MIME??! The MIME/ghostview security hole was potentially
> much more devastating than the one you've uncovered for many reasons.
> From your analysis, I would say that we should throw out MIME...

I beg your pardon. MIME itself doesn't have a ghostview security hole. The
MIME spec has a long section on the security risks assocaited with the
application/postscript content-type. (No doubt some will say that MIME
should not have allowed a postscript type at all due to the inherent
security hazards...)

The gopher security problem is just an example of why any content-type needs
to be scrutinized for security holes, before using it.

Keith Moore