Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-30 Thread paul . szabo
I wrote a few days ago: So -P- may work with GNU gv - but some testing would help before changing the defaults. I will try to dig up the file I was testing with, and re-do the tests. My vague memory is that the layout of the two-page-per-sheet file changed with -P-. File sent privately to

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
Bernhard R. Link wrote: * paul.sz...@sydney.edu.au paul.sz...@sydney.edu.au [100527 06:39]: I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs: the (first?) invoked gs cannot have either of

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
vail.sz...@sydney.edu.au wrote: I wrote a while ago: I slightly wonder about the writing of the tmp file open(/tmp/gv_random_some.pdf.tmp, O_WRONLY|O_CREAT|O_TRUNC, 0666) from within gs (no O_EXCL so would follow a symlink allowing clobber). It is not for gs to verify the

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread paul . szabo
Markus Steinborn gnugv_maintai...@yahoo.de wrote: PS: If using a wrapper for calling gs, make sure that -P- is added to the beginning of the parameters, not at the end. That may be a cause why GNU gv does not work with a wrapper. Yes that is what I do: #!/usr/bin/perl -- #... $c = $0; $c

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
paul.sz...@sydney.edu.au wrote: Yes that is what I do: #!/usr/bin/perl -- #... $c = $0; $c =~ s/.*\///; exec "/usr/bin/$c", '-P-', '-dSAFER', @ARGV; and my testing suggested it breaks gv. Well, the DSC parsing seems to be -dSAFER-incompatible. But with the following settings I can open ps

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
Bernhard R. Link wrote: * Markus Steinborn gnugv_maintai...@yahoo.de [100529 12:49]: Well, the DSC parsing seems to be -dSAFER-incompatible. But with the following settings I can open ps and pdf files - and pdf to postscript conversion has successfully been tested on an example.

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
Markus Steinborn wrote: Well, then I can close the bug upstream. But for debian, it has to be kept open - as lenny is vulnerable. Addendum: Of course only the part of the original bug report that addresses file handling, not the options -P-, -dSAFE and related.

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
paul.sz...@sydney.edu.au wrote: Would it be possible to give the unsafe gs invocations an explicit -dNOSAFER or somesuch argument, to override whatever I may set in my wrapper, and to handle gs changing their defaults to secure settings? Dunno. But currently ghostscript upstream says:

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread paul . szabo
Markus Steinborn gnugv_maintai...@yahoo.de wrote: vail.sz...@sydney.edu.au wrote: Surely you meant paul.sz...@sydney.edu.au . I wrote a while ago: I slightly wonder about the writing of the tmp file open(/tmp/gv_random_some.pdf.tmp, O_WRONLY|O_CREAT|O_TRUNC, 0666) from within gs

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread paul . szabo
Markus Steinborn gnugv_maintai...@yahoo.de wrote: Well, the DSC parsing seems to be -dSAFER-incompatible. But with the following settings I can open ps and pdf files - and pdf to postscript conversion has successfully been tested on an example. $ cat .gv GV.gsArguments: -P-

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
paul.sz...@sydney.edu.au wrote: Sorry, but my ltrace or strace shows otherwise: gv does NOT use mkstemp, gv does NOT open the file but gs does. (Thankfully gv seems to set a sane umask 077 before invoking gs.) Well, that may be explained that debian lenny is shipped with a rather old

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Bernhard R. Link
* Markus Steinborn gnugv_maintai...@yahoo.de [100529 12:49]: Well, the DSC parsing seems to be -dSAFER-incompatible. But with the following settings I can open ps and pdf files - and pdf to postscript conversion has successfully been tested on an example. Looking at the commit that

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Markus Steinborn
Something goes completely wrong (__not__ running debian): mstei...@acer:/tmp/2cp /usr/share/cups/data/testprint.ps . mstei...@acer:/tmp/2touch gs_init.ps mstei...@acer:/tmp/2gs -P- -dSAFER testprint.ps GPL Ghostscript 8.71: Initialization file gs_init.ps does not begin with an integer.

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-29 Thread Bernhard R. Link
* Markus Steinborn gnugv_maintai...@yahoo.de [100529 19:52]: Something goes completely wrong (__not__ running debian): I realized that, too. I've written two mails to http://bugs.debian.org/58183: Ghostscript seems to simply ignore the -P- option (or rather does something, but without any

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-28 Thread paul . szabo
I guess this issue can be exploited remotely. If /etc/mailcap uses gs, then we are done: neither -P- nor -dSAFER are defaults. My Debian /etc/mailcap uses gv, and gv knows to use -dSAFER. First feed the victim a bad PS file named gs_res.ps or pdf_base.ps or similar. No harm done yet. Then feed

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-28 Thread Bernhard R. Link
* paul.sz...@sydney.edu.au paul.sz...@sydney.edu.au [100527 06:39]: I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs: the (first?) invoked gs cannot have either of those security options when

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-27 Thread paul . szabo
I wrote a while ago: I slightly wonder about the writing of the tmp file open(/tmp/gv_random_some.pdf.tmp, O_WRONLY|O_CREAT|O_TRUNC, 0666) from within gs (no O_EXCL so would follow a symlink allowing clobber). It is not for gs to verify the security of the tmp file passed as argument (it

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-26 Thread Paul Szabo
Package: gv Version: 1:3.6.5-2 Severity: grave File: /usr/bin/gv Tags: security Justification: user security hole Please see http://bugs.ghostscript.com/show_bug.cgi?id=691339 http://bugs.debian.org/583183 for details: gv should use the -P- switch when invoking gs. Thanks, Paul Paul Szabo

Bug#583316: /usr/bin/gv: Insecure gs workaround gs -P-

2010-05-26 Thread paul . szabo
I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs: the (first?) invoked gs cannot have either of those security options when attempting gv some.pdf. As with PS files, gv /tmp/some.pdf first does