Re: Bug#584013: hyperlatex: Security bugs in ghostscript

To: debian-devel@lists.debian.org
Subject: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
From: Vincent Danjean <vdanjean.ml@free.fr>
Date: Tue, 01 Jun 2010 18:32:56 +0200
Message-id: <[🔎] 4C053638.8070603@free.fr>
In-reply-to: <[🔎] 201006011110.o51BA52t015858@bari.maths.usyd.edu.au>
References: <[🔎] 201006011110.o51BA52t015858@bari.maths.usyd.edu.au>

On 01/06/2010 13:10, paul.szabo@sydney.edu.au wrote:
>> (4) Please state clearly what's wrong with the package (hyperlatex in
>> this case). From the other bug reports I deduce that gs calls should be
>> extended with "-P- -dSAFER". This should be done in the hyperlatex
>> source package in bin/ps2image, for the record.
> 
> Yes, that probably should fix things. (Right now things are still unsafe
> even with those options, but I expect gs to be able to fix the remaining
> bugs.)

Perhaps, gs should have these options enabled by default (and provide other
options to disable them if needed) instead of requiring to modify all
programs. It would secure home-made scripts, too.

  Regards,
    Vincent

-- 
Vincent Danjean       GPG key ID 0x9D025E87         vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A  8A94 0BF7 7867 9D02 5E87
Unofficial packages: http://moais.imag.fr/membres/vincent.danjean/deb.html
APT repo:  deb http://perso.debian.org/~vdanjean/debian unstable main

Reply to:

Follow-Ups:
- Re: Bug#584013: hyperlatex: Security bugs in ghostscript
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>

References:
- Re: Bug#584013: hyperlatex: Security bugs in ghostscript
  - From: paul.szabo@sydney.edu.au

Prev by Date: Bug#584127: RFP: libjs-jquery-tablesorter -- Flexible client-side table sorting
Next by Date: Re: Improving in-place upgrades of Ada packages from Lenny to Squeeze
Previous by thread: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Next by thread: Re: Bug#584013: hyperlatex: Security bugs in ghostscript
Index(es):
- Date
- Thread