[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#584013: hyperlatex: Security bugs in ghostscript

On Tue, Jun 01, 2010 at 06:32:56PM +0200, Vincent Danjean wrote:
> Perhaps, gs should have these options enabled by default (and provide other
> options to disable them if needed) instead of requiring to modify all
> programs. It would secure home-made scripts, too.

I agree.  I've found (and reported) a couple of cases where people
calling gs did not use -dSAFER and as a result opened up an attack by
malicious documents that could delete files.  In general, there's no
need to be able to manipulate files from within most PostScript

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: