Mailinglist Archive: opensuse-bugs (5379 mails)
| < Previous | Next > |
[Bug 608071] VUL-0: ghostscript: executes random code on startup (does not verify ownership of sensitive files used)
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Tue, 1 Jun 2010 16:47:14 +0000
- Message-id: <20100601164714.118F4CC7D4@xxxxxxxxxxxxxxxxxxxxxx>
http://bugzilla.novell.com/show_bug.cgi?id=608071
http://bugzilla.novell.com/show_bug.cgi?id=608071#c22
--- Comment #22 from Christopher Yeleighton <giecrilj@xxxxxxxxxxxx> 2010-06-01
16:47:12 UTC ---
OTOH, if you selectively disable the code that loads encodings at startup, at
least this particular issue will be fixed and this action would be unlikely to
break anything.
As an example, the following steps shows that Ghostscript can load encoding at
run time:
1. $ mkdir Encoding
2. $ gs
3. $ echo '(gs_il2_e.ps) runlibfile'>Encoding/ISOLatin2Encoding
4. GS> /ISOLatin2Encoding findencoding
The command /findencoding succeeds although ISOLatin2Encoding was not loaded at
startup.
Note: Due to the way Ghostscript is constructed, you have to { rm
Encoding/ISOLatin2Encoding; } now or Ghostscript will fail next time you start
it.
Leave to Ghostscript startup code the encodings it explicitly wants to have,
but trying to preload whatever can be found is CRAZY.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=608071#c22
--- Comment #22 from Christopher Yeleighton <giecrilj@xxxxxxxxxxxx> 2010-06-01
16:47:12 UTC ---
OTOH, if you selectively disable the code that loads encodings at startup, at
least this particular issue will be fixed and this action would be unlikely to
break anything.
As an example, the following steps shows that Ghostscript can load encoding at
run time:
1. $ mkdir Encoding
2. $ gs
3. $ echo '(gs_il2_e.ps) runlibfile'>Encoding/ISOLatin2Encoding
4. GS> /ISOLatin2Encoding findencoding
The command /findencoding succeeds although ISOLatin2Encoding was not loaded at
startup.
Note: Due to the way Ghostscript is constructed, you have to { rm
Encoding/ISOLatin2Encoding; } now or Ghostscript will fail next time you start
it.
Leave to Ghostscript startup code the encodings it explicitly wants to have,
but trying to preload whatever can be found is CRAZY.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
| < Previous | Next > |