Re: advice needed on how to proceed
Hi,
I just noticed this thread ...
> Now, a specific switch passed onto ghostscript needs to be used to fix
> the issue.
>
> From the gs man page:
>
> -dSAFER
> Disables the "deletefile" and "renamefile" operators and
> the ability to open files in any mode other than
> read-only. This is desirable for spoolers or any other
> environments where a malicious or badly written
> PostScript program must be prevented from changing
> important files.
>
> This is what he is spouting about, I think.
Yep, that's one of the four issues, meanwhile bug #262402:
| "File operations" refers to the postscript program that is executed by
| ghostscript here. Something along the lines of -dSAFER is needed to
| make this safe, however I'm not sure as to which options are needed.
| Maybe, it can't be made safe at all if gs is run as root.
-dSAFER probably is much better than nothing, but are you sure that it's
sufficient? Isn't it still possible to read arbitrary files with root
privileges?
Cya, Florian
Reply to: