Bug#618530: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
fixed 618530 ghostscript/8.71~dfsg2-6
found 618530 ghostscript/8.71~dfsg2-6.1
found 618530 ghostscript/9.01~dfsg-2
tags 618530 + confirmed
# regression
severity 618530 important
retitle 618530 gs -dSAFER: /invalidfileaccess with "run" operator
forcemerge 414002 618530
quit
Hi again,
Ralph Smith wrote:
> Surprisingly, the invalid file access does not occur in any of the versions
> you suggested, but returns when I upgrade to the current version
> (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and
> gs-common debs for the test.
Confirmed: with version 8.71~dfsg2-6.1 running
man -t ls >ls.1
echo '(ls.ps) run' | ghostscript -dSAFER
fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if
ghostscript-x is installed, renders the manpage). This has nothing to do
with OutputFile, piped input, or relative paths --- something[1] has changed
to make innocuous _reads_ break with -dSAFER.
Michael, any hints?
Jonathan
[1] via debian/patches/1010_CVE-2010-2055.patch
Reply to: