Re: Ghostscript 8.64 executes random code at startup

From: paul.szabo@sydney.edu.au
To: bugtraq@securityfocus.com
Cc:
Subject: Re: Ghostscript 8.64 executes random code at startup
Date:


The ghostscript people in
  http://bugs.ghostscript.com/show_bug.cgi?id=691339
told me to use the -P- switch, and marked it "RESOLVED WONTFIX".
I guess -P- should be the default, as well as -dSAFER should be.

The way gv invokes gs is "wrong". For example, using command
  gv /tmp/any.ps
will do:
  chdir("/tmp/")
  execve(..., "gs", ... "-dSAFER", ... "any.ps", ...) 
So gv is careful to use -dSAFER but does not know about -P-.
I notified
  bug-gv@gnu.org
about this, see
  http://bugs.debian.org/583316
also.

Cheers, Paul

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.