Re: Re: Freeze exception: foomatic-filters 4.0.5
On 01/-10/-28163 08:59 PM, Julien Cristau wrote:
> On Thu, Aug 12, 2010 at 10:27:32 +0200, Didier 'OdyX' Raboud wrote:
>
>> So it is IMHO safe to allow on the Debian side too. What do you think ?
>>
> Ignoring the upstream changes for a moment, I'm uncomfortable with the
> packaging overhaul.
I think the new packaging is much better than the classic one, the 
debian/rules file is less cluttered, consisting more or less only of the 
exceptions from a standard build, and the changes and additions against 
the original source (usually only the debian/ directory) in a tarball, 
allowing also to set permissions, include empty files, ...
> Lots of buffers with a static size in this code btw, it makes baby Jesus
> cry.  At the very least people should learn sizeof or #define instead of
> having to remember all the places they need to change the size of the
> buffers.
>
This problem existed already from foomatic-filters 4.0.0 on, so it is 
not newly introduced with 4.0.5, so it should not be the reason to 
reject a Feature-Freeze exception.
Lars, can you look into changing the code not to use statically-sized 
buffers or at least make it easier to change the size of the buffers?
> Things like pdf_count_pages make me think shell code injection, but I
> don't know what privileges it's running with or if it controls the file
> name.
It is usually running as the user "lp". The input file is not directly 
executed by Ghostscript as a PostScript program, but read in as a PDF 
file for the PDF interpreter. So inserting a malicious PostScript 
program as input file here should not work.
If foomatic-rip does not run as the calling user, it is run by CUPS as 
the user "lp". Then CUPS supplies the file name (usually of a temporary 
file which CUPS has put into /tmp). If foomatic-rip is called by CUPS 
with data streaming from stdin, foomatic-rip creates a temporary file by 
itself and generates the name for it. Then the function is called with 
this temporary file.
   Till
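
The two code concerns raised in this thread (fixed-size buffers, and a file name reaching a shell command), as an added example that is not part of the message and is not foomatic-filters code: the buffer size is defined once and passed along with sizeof, and the file name is quoted as a single shell word, failing instead of truncating. The tool name `pdf-page-counter`, the function names and the sample file name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 256   /* the one place where the buffer size is set */

/* Wrap `in` in single quotes for /bin/sh, writing at most outsz bytes.
 * An embedded ' becomes '\'' . Returns 0, or -1 if it does not fit. */
static int shell_quote(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz < 3) return -1;                 /* room for '' and NUL */
    out[n++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (n + need + 2 > outsz) return -1;  /* keep room for ' and NUL */
        if (*in == '\'') { memcpy(out + n, "'\\''", 4); n += 4; }
        else out[n++] = *in;
    }
    out[n++] = '\'';
    out[n] = '\0';
    return 0;
}

/* Build "<tool> <quoted file>" into cmd; fail instead of truncating. */
static int build_count_cmd(const char *file, char *cmd, size_t cmdsz)
{
    char quoted[CMD_MAX];
    int len;
    if (shell_quote(file, quoted, sizeof(quoted)) != 0) return -1;
    /* "pdf-page-counter" is a placeholder tool name (assumption). */
    len = snprintf(cmd, cmdsz, "pdf-page-counter %s", quoted);
    return (len < 0 || (size_t)len >= cmdsz) ? -1 : 0;
}

int main(void)
{
    char cmd[CMD_MAX];
    /* Constructed file name containing shell metacharacters. */
    const char *name = "/tmp/job'; echo injected; '.pdf";
    if (build_count_cmd(name, cmd, sizeof(cmd)) == 0)
        puts(cmd);   /* the whole name stays one shell word */
    else
        fputs("file name too long for command buffer\n", stderr);
    return 0;
}
```

Passing the file name as its own argv element to an exec-family call avoids the shell, and with it the need for quoting, altogether.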