http://bugzilla.novell.com/show_bug.cgi?id=608071
http://bugzilla.novell.com/show_bug.cgi?id=608071#c26
--- Comment #26 from Johannes Meixner 2010-06-02 10:33:48 UTC ---
Created an attachment (id=366379)
--> (http://bugzilla.novell.com/attachment.cgi?id=366379)
fix-Use.htm-for-SEARCH_HERE_FIRST-0.patch
A proposal how to patch the documentation in Use.htm
for ghostscript-8.70 if SEARCH_HERE_FIRST=0 is used.
As far as I see it is sufficient to fix the documentation
in Use.htm because nowhere else is '-P-' mentioned
(in particular not in "man gs") and furthermore "gs -h"
points to Use.htm (below the "Search path" output).
By the way:
According to
http://www.ghostscript.com/doc/7.07/Use.htm#Finding_files
the Ghostscript authors already agree that "trying the
current directory first is a very bad idea" because it
"opens serious security loopholes" but they didn't fix
the security bug only because some users complained :-(
I also agree that a parameter that makes gs safer does not matter
as long as it is not the default (see comment #12).
I think that at least all Linux distributions should fix
Ghostscript accordingly regardless if some users might
then complain that they must use the -P (or -I) switch
if they need the current directory.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.