Mailinglist Archive: opensuse-factory (443 mails)

< Previous Next >
Re: [opensuse-factory] LyX and ImageMagick

Hello,

On Jul 11 15:08 Cor Blom wrote (excerpt):
Is ghostscript also considered unsafe?

Ghostscript is "by design" insecure because it runs
PostScript programs and PDFs, see the explanation about
Ghostscript and PostScript/PDF programs in the section
"It is crucial to limit access to CUPS to trusted users" in
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings

Therefore Ghostscript's generic insecurity is the root cause
why processing of PostScript and PDF input is disabled
in ImageMagick by default in openSUSE because to process
PostScript and PDF input ImageMagick calls Ghostscript
which means the user who runs ImageMagick runs a
PostScript program or a PDF "program".

In general it won't matter what PostScript or PDF interpreter
is used to process PostScript or PDF - in any case it means
the user must run a PostScript or PDF program.

So the root cause behind is that e.g. "just show some graphics"
sometimes means one must run programs (from untrusted origin).


Kind Regards
Johannes Meixner
--
SUSE LINUX GmbH - HRB 21284 (AG Nuernberg)
GF: Felix Imendoerffer, Mary Higgins, Sri Rasiah

--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >