I have reported at least two different vulnerabilities against Debian packages that are caused by invoking gs without -dSAFER. They are extremely trivial to find and create working exploits for. It is very common for programs to use gs on untrusted input; in fact, it is often used to fix broken input. The incidence of cases in which the user does not want the behavior of -dSAFER is extremely low. This makes -dSAFER a logical default. I'm personally just fine looking for more of these types of vulnerabilities as long as -dSAFER isn't the default. However, I suspect the Debian Security Team would prefer to handle fewer vulnerabilities of this class, and clearly Debian users would benefit from not having their files deleted by malicious PostScript. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature