Bug#414002: [gs-common] Retag FTBS
On Sun, Oct 16, 2011 at 11:21 AM, Jonathan Nieder <jrnieder@gmail.com> wrote:
> severity 414002 normal
> found 414002 ghostscript/8.71~dfsg2-6
> quit
>
> Bastien ROUCARIES wrote:
>
>> texlive-pstricks pdf documentation of pst-geo could not build from
>> source. And even viewed.
>> But you could regress this bug since we have the already built
>> documentation on the tar.bz2
>
> Ah, so you mean the upstream TeXLive pstricks package is another
> testcase, rather than that some Debian package such as texlive-extra
> is failing to build from source.
>
> Ok, lowering severity. Do you know what was the intent of the checks
> preventing inclusion of files from ../ introduced around 4 years ago
> that Ralf Stubner mentioned? In modern gs, they seem to be enabled
> by -dSAFER, despite not having anything to do with the description in
> the manpage:
I have no idea
Thanks
Bastien
> -dSAFER
> Disables the "deletefile" and "renamefile" operators
> and the ability to open files in any mode other than
> read-only. This strongly recommended for spoolers,
> conversion scripts or other sensitive environments
> where a badly written or malicious PostScript program
> code must be prevented from changing important files.
>
> By contrast with bug#618530, this ".." check kicks in even for "gs -P".
> That is:
>
> mkdir subdir
> man -t ls >ls.ps
>
> echo '(ls.ps) run' | gs; # displays manpage.
> echo '(ls.ps) run' | gs -dSAFER; # fails.
> echo '(ls.ps) run' | gs -P -dSAFER; # displays manpage.
>
> cd subdir
> echo '(../ls.ps) run' | gs; # displays manpage.
> echo '(../ls.ps) run' | gs -dSAFER; # fails.
> echo '(../ls.ps) run' | gs -P -dSAFER; # fails.
>
Reply to: