[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

On 01/06/2010 13:10, paul.szabo@sydney.edu.au wrote:
>> (4) Please state clearly what's wrong with the package (hyperlatex in
>> this case). From the other bug reports I deduce that gs calls should be
>> extended with "-P- -dSAFER". This should be done in the hyperlatex
>> source package in bin/ps2image, for the record.
> Yes, that probably should fix things. (Right now things are still unsafe
> even with those options, but I expect gs to be able to fix the remaining
> bugs.)

Perhaps, gs should have these options enabled by default (and provide other
options to disable them if needed) instead of requiring to modify all
programs. It would secure home-made scripts, too.


Vincent Danjean       GPG key ID 0x9D025E87         vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A  8A94 0BF7 7867 9D02 5E87
Unofficial packages: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo:  deb http://perso.debian.org/~vdanjean/debian unstable main

Reply to: