Bug#414002: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input

[Jonathan Nieder <jrnieder@gmail.com>]

found 414002 ghostscript/9.02~dfsg-1
tags 414002 + upstream
retitle 414002 gs -dSAFER: /invalidfileaccess with "run" operator
quit

Jonathan Nieder wrote:

> Confirmed: with version 8.71~dfsg2-6.1 running
> 
> 	man -t ls >ls.1
> 	echo '(ls.ps) run' | ghostscript -dSAFER
>
> fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if
> ghostscript-x is installed, renders the manpage).  This has nothing to do
> with OutputFile, piped input, or relative paths --- something[1] has changed
> to make innocuous _reads_ break with -dSAFER.

The above should say ">ls.ps", not ">ls.1", of course.  Sorry for the
nonsense.

> Michael, any hints?

Since the change is upstream, I can stop blaming Michael.

This bisects to r11494 (Dont't search for initialization files in the
current directory first; also revert rev. 11468, 2010-07-07), which
has description

 commit 35d24ae5fea94cf4f6bb2983967e0ab9b020bbd0
 Author: Alex Cherepanov <alex.cherepanov@artifex.com>
 Date:   Wed Jul 7 17:47:09 2010 +0000

     Dont't search for initialization files in the current directory first
     by default because this leads to well-known security and confusion problems.
     Do this only on the user's request by -P switch. Also revert rev. 11468,
     which is no longer needed. Bug 691350.

Changing

 # Define whether or not searching for initialization files should always
 # look in the current directory first.  This leads to well-known security
 # and confusion problems,  but may be convenient sometimes.
 
 SEARCH_HERE_FIRST=0

to 1 and rebuilding seems to get it working again.  So it looks like
SEARCH_HERE_FIRST affects more than it's designed to; not sure where
to look next (I guess this should be forwarded to ghostscript
bugzilla).