enscript -e option a security risk?
In looking through the print filter generated by magicfilter, I
noticed that it gives the -e option to GNU enscript. The -e
option turns on special "escapes", including the following as
documented in the enscript manpage:
    epsf    inline EPS file to the document.  Escape's syntax
            is:

                ^@epsf[options]{filename}

            where options is an optional sequence of option
            characters and values enclosed with brackets and
            filename is the name of the EPS file.

            If filename ends to the `|' character, then filename
            is assumed to name a command that prints EPS
            data to its standard output.  In this case,
            enscript opens a pipe to the specified command and
            reads EPS data from pipe.
It seems to me that this is a security risk. Agreed? If so,
I'll file a bug against magicfilter asking that this option be
removed from the filters. This option is present in several
filters, by the way:
pfaffben:/etc/magicfilter# grep -l 'enscript.*-e' *
bj600-filter
bj600_draft-filter
bj610-filter
bj800-filter
bj800_draft-filter
cpsonly300-filter
cpsonly400-filter
cpsonly600-filter
psonly300-filter
psonly400-filter
pfaffben:/etc/magicfilter#
--
"A computer is a state machine.
Threads are for people who cant [sic] program state machines."
--Alan Cox
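
An added example, not part of the original message or of magicfilter: a check a print filter could run on an untrusted job before handing it to enscript, parsing the epsf escape syntax quoted from the man page above. It assumes the escape character is NUL (the ^@ in the excerpt); the function names and sample jobs are constructed for illustration.

```python
import re

# Assumption: the escape character is NUL, shown as ^@ in the man page excerpt.
# A filter that passes a different character to -e would need this changed.
ESCAPE = b"\x00"

# ^@epsf[options]{filename} -- the [options] part is optional.
EPSF_RE = re.compile(re.escape(ESCAPE) + rb"epsf(?:\[([^\]]*)\])?\{([^}]*)\}")


def find_epsf_escapes(job: bytes):
    """Return a list of (offset, filename, is_pipe) for each epsf escape in job."""
    findings = []
    for m in EPSF_RE.finditer(job):
        filename = m.group(2)
        # Per the man page, a filename ending in '|' names a command to run.
        # Trailing whitespace is ignored here as a conservative assumption.
        is_pipe = filename.rstrip().endswith(b"|")
        findings.append((m.start(), filename.decode("latin-1"), is_pipe))
    return findings


def job_is_safe(job: bytes) -> bool:
    """Policy for an untrusted print job: reject any epsf escape at all,
    since even the non-pipe form makes enscript read a named file."""
    return not find_epsf_escapes(job)


# Constructed sample jobs (not from the original post).
PLAIN_JOB = b"Quarterly report\nline two\n"
FILE_JOB = b"header\n\x00epsf[c]{logo.eps}\nbody\n"
PIPE_JOB = b"header\n\x00epsf{example-command |}\nbody\n"

if __name__ == "__main__":
    for name, job in [("plain", PLAIN_JOB), ("file", FILE_JOB), ("pipe", PIPE_JOB)]:
        for offset, filename, is_pipe in find_epsf_escapes(job):
            kind = "command pipe" if is_pipe else "file include"
            print(f"{name}: epsf escape at byte {offset}: {kind} {filename!r}")
        print(f"{name}: {'accept' if job_is_safe(job) else 'reject'}")
```

Scanning is a stopgap for filters that cannot be changed right away; dropping -e from the enscript invocation removes the escape handling altogether.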