On Fri, 2004-07-30 at 15:06, Martin-Éric Racine wrote:
> (note: I'm not subscribing to this list, please CC me)
>
> Bug#259993 was submitted on one of my packages, tagged as a security risk.
>
> Upstream has been quite cooperative in asserting the gravity and is very willing
> to fix anything that the submitter can demonstrate. The problem is that some of
> the submitter's claims appear questionable and that he refuses to substantiate.
>
> I'm tempted to tag this as wont-fix, but would like this list's input first.

This I believe is the same "bug" or "Security Risk" that caused our
Mozilla Packager to remove the PS print engine from Mozilla and package
it that way.

Now, a specific switch passed onto ghostscript needs to be used to fix
the issue.

From the gs man page:

    -dSAFER Disables the "deletefile" and "renamefile" operators and
            the ability to open files in any mode other than read-only.
            This is desirable for spoolers or any other environments
            where a malicious or badly written PostScript program must
            be prevented from changing important files.

This is what he is spouting about, I think.

Cheers.
-- 
greg, greg@gregfolkert.net

The technology that is
Stronger, better, faster: Linux
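
The -dSAFER switch quoted from the gs man page above, turned into a check; this is an added example, not part of the original message. It lists Ghostscript invocations in a spooler or filter script that omit -dSAFER or pass -dNOSAFER. The function names, the sample filter and the one-command-per-line assumption belong to this example only.

```shell
#!/bin/sh
# Added example: find Ghostscript calls in a filter script that lack -dSAFER.
# Assumption: each gs command fits on one line (no backslash continuations).

# audit_gs FILE: print "LINENO: text" for each gs call that lacks -dSAFER
# or that switches unsafe mode back on with -dNOSAFER.
audit_gs() {
    awk '
        /^[ \t]*#/ { next }                            # ignore comment lines
        {
            line = " " $0 " "                          # pad so flags match at line ends
            if (line !~ "[ \t;|&(/]gs[ \t]") next      # no gs command word on this line
            safe = (line ~ "[ \t]-dSAFER[ \t]") && (line !~ "[ \t]-dNOSAFER[ \t]")
            if (!safe) printf "%d: %s\n", NR, $0
        }
    ' "$1"
}

# write_sample FILE: write a constructed print filter used as sample input.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed print filter for the example
gs -q -dNOPAUSE -dBATCH -sDEVICE=ljet4 -sOutputFile=- -
/usr/bin/gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=ljet4 -sOutputFile=- -
exec gs -dSAFER -dNOSAFER -q -sDEVICE=pswrite -sOutputFile=- -
# gs without flags in a comment
echo "args done"
EOF
}

# Demo on the constructed sample: reports lines 3 and 5.
demo=$(mktemp)
write_sample "$demo"
audit_gs "$demo"
rm -f "$demo"
```

To audit a real filter, call `audit_gs` on its path; an empty result means every single-line gs call passes -dSAFER.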