found 414002 ghostscript/9.02~dfsg-1
tags 414002 + upstream
retitle 414002 gs -dSAFER: /invalidfileaccess with "run" operator
quit
Jonathan Nieder wrote:
> Confirmed: with version 8.71~dfsg2-6.1 running
>
> man -t ls >ls.1
> echo '(ls.ps) run' | ghostscript -dSAFER
>
> fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if
> ghostscript-x is installed, renders the manpage). This has nothing to do
> with OutputFile, piped input, or relative paths --- something[1] has changed
> to make innocuous _reads_ break with -dSAFER.
The above should say ">ls.ps", not ">ls.1", of course. Sorry for the
nonsense.
> Michael, any hints?
Since the change is upstream, I can stop blaming Michael.
This bisects to r11494 (Dont't search for initialization files in the
current directory first; also revert rev. 11468, 2010-07-07), which
has description
commit 35d24ae5fea94cf4f6bb2983967e0ab9b020bbd0
Author: Alex Cherepanov
Date: Wed Jul 7 17:47:09 2010 +
Dont't search for initialization files in the current directory first
by default because this leads to well-known security and confusion
problems.
Do this only on the user's request by -P switch. Also revert rev. 11468,
which is no longer needed. Bug 691350.
Changing
# Define whether or not searching for initialization files should always
# look in the current directory first. This leads to well-known security
# and confusion problems, but may be convenient sometimes.
SEARCH_HERE_FIRST=0
to 1 and rebuilding seems to get it working again. So it looks like
SEARCH_HERE_FIRST affects more than it's designed to; not sure where
to look next (I guess this should be forwarded to ghostscript
bugzilla).
--
To UNSUBSCRIBE, email to debian-printing-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110421020112.GA25723@elie