[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug-gv] Re: Security issues
|
From: |
paul . szabo |
|
Subject: |
[bug-gv] Re: Security issues |
|
Date: |
Sun, 30 May 2010 20:02:28 +1000 |
Bernhard R. Link <address@hidden> wrote:
> 3) Scaning pdf2dsc using pdf2dsc.ps
> Related to 2, there is an other issue: The scanning is done by
> pdf2dsc.ps, which is specified on the command line. As far as I can
> tell, gs looks for files specified as command line arguments in the
> current directory first, even with -P-. So even with -P- this could
> be exploited by adding a pdf2dsc.ps in the current directory (think
> /tmp). I do not know how to fix this best. Perhaps shipping a postscript
> file with gv (thus one has an absolute path) that reads and executes
> the one from the system path?
Is not this a gs issue (as distinct from gv)? My Debian pdf2dsc bits
come from package ghostscript.
Is not it sufficient to modify the /usr/bin/pdf2dsc script to contain an
absolute path for pdf2dsc.ps i.e. to include
exec "$GS_EXECUTABLE" -q -P- -dNODISPLAY -dSAFER -dDELAYSAFER\
-sPDFname="$pdffile" -sDSCname="$dscfile"\
/usr/share/ghostscript/8.62/lib/pdf2dsc.ps -c quit
(or somesuch)?
---
Looking in that /usr/bin/pdf2dsc script, I see:
GS_EXECUTABLE=gs
gs="`dirname $0`/$GS_EXECUTABLE"
if test ! -x "$gs"; then
gs="$GS_EXECUTABLE"
fi
GS_EXECUTABLE=gs
Should not that last line be
GS_EXECUTABLE="$gs"
? Even then the script is badly written, should probably be:
GS_EXECUTABLE=gs
gs="`dirname $0`/$GS_EXECUTABLE"
if test -x "$gs"; then
GS_EXECUTABLE="$gs"
fi
---
Should either of the above be reported to ghostscript or to Debian?
Cheers, Paul
Paul Szabo address@hidden http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia