Hello, On Jul 11 15:08 Cor Blom wrote (excerpt):
Is ghostscript also considered unsafe?
Ghostscript is "by design" insecure because it runs PostScript programs and PDFs, see the explanation about Ghostscript and PostScript/PDF programs in the section "It is crucial to limit access to CUPS to trusted users" in https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings Therefore Ghostscript's generic insecurity is the root cause why processing of PostScript and PDF input is disabled in ImageMagick by default in openSUSE because to process PostScript and PDF input ImageMagick calls Ghostscript which means the user who runs ImageMagick runs a PostScript program or a PDF "program". In general it won't matter what PostScript or PDF interpreter is used to process PostScript or PDF - in any case it means the user must run a PostScript or PDF program. So the root cause behind is that e.g. "just show some graphics" sometimes means one must run programs (from untrusted origin). Kind Regards Johannes Meixner -- SUSE LINUX GmbH - HRB 21284 (AG Nuernberg) GF: Felix Imendoerffer, Mary Higgins, Sri Rasiah -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org