On Tue, 25 Jun 2019 16:15:44 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 25/06/2019 15.01, Martin Wilck wrote:
On Tue, 2019-06-25 at 22:11 +0930, Rodney Baker wrote:
On Monday, 24 June 2019 22:26:53 ACST Michal Suchánek wrote: [...]
That's the point - ghostscript is considered more or less unfixable. Quoting from the non-public bug where the apparmor profile was introduced: "With the current set of ghostscript security issues and likely more coming, we should audit the current users of ghostscript and remove it where it is not strictly necessary, or at least confine it using apparmor. [...] Basically processing untrusted input with ghostscript is a hopeless case and should be disabled." Yet ghostscript is at the heart of Linux printing, so it couldn't simply be ditched. Thus using apparmor is only logical - it confines ghostscript from an external, security-focused point of view.
Is that the reason why printing is switching to PDF?
heh, what a joke. Initially PDF was a well-defined format carrying data (rather than a programming language like postscript). This did not allow for nifty tricks (like a tiny postscript raytracer that generates a detailed image) but allowed for interpretation of the data securely with well-defined resource usage. Then Adobe added forms, JavaScript support, embedded 3D drawings, and whatnot. /o\