Bug#414002: [gs-common] Retag FTBS

[Bastien ROUCARIES <roucaries.bastien@gmail.com>]

On Sun, Oct 16, 2011 at 11:21 AM, Jonathan Nieder <jrnieder@gmail.com> wrote:
> severity 414002 normal
> found 414002 ghostscript/8.71~dfsg2-6
> quit
>
> Bastien ROUCARIES wrote:
>
>>  texlive-pstricks pdf documentation of pst-geo could not build from
>> source. And even viewed.
>> But you could regress this bug since we have the already built
>> documentation on the tar.bz2
>
> Ah, so you mean the upstream TeXLive pstricks package is another
> testcase, rather than that some Debian package such as texlive-extra
> is failing to build from source.
>
> Ok, lowering severity.  Do you know what was the intent of the checks
> preventing inclusion of files from ../ introduced around 4 years ago
> that Ralf Stubner mentioned?  In modern gs, they seem to be enabled
> by -dSAFER, despite not having anything to do with the description in
> the manpage:

I have no idea

Thanks

Bastien

>        -dSAFER
>                Disables the "deletefile" and "renamefile" operators
>                and the ability to open files in any mode other than
>                read-only.  This strongly recommended for spoolers,
>                conversion scripts or other sensitive environments
>                where a badly written or malicious PostScript program
>                code must be prevented from changing important files.
>
> By contrast with bug#618530, this ".." check kicks in even for "gs -P".
> That is:
>
>        mkdir subdir
>        man -t ls >ls.ps
>
>        echo '(ls.ps) run' | gs;        # displays manpage.
>        echo '(ls.ps) run' | gs -dSAFER;        # fails.
>        echo '(ls.ps) run' | gs -P -dSAFER;     # displays manpage.
>
>        cd subdir
>        echo '(../ls.ps) run' | gs;     # displays manpage.
>        echo '(../ls.ps) run' | gs -dSAFER;     # fails.
>        echo '(../ls.ps) run' | gs -P -dSAFER;  # fails.
>