Re: Bug#584013: hyperlatex: Security bugs in ghostscript
On 01/06/2010 13:10, email@example.com wrote:
>> (4) Please state clearly what's wrong with the package (hyperlatex in
>> this case). From the other bug reports I deduce that gs calls should be
>> extended with "-P- -dSAFER". This should be done in the hyperlatex
>> source package in bin/ps2image, for the record.
> Yes, that probably should fix things. (Right now things are still unsafe
> even with those options, but I expect gs to be able to fix the remaining
Perhaps, gs should have these options enabled by default (and provide other
options to disable them if needed) instead of requiring to modify all
programs. It would secure home-made scripts, too.
Vincent Danjean GPG key ID 0x9D025E87 firstname.lastname@example.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87
Unofficial packages: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo: deb http://perso.debian.org/~vdanjean/debian unstable main