Re: advice needed on how to proceed

To: Greg Folkert <greg@gregfolkert.net>
Cc: DebianSecurity List <debian-security@lists.debian.org>
Subject: Re: advice needed on how to proceed
From: Florian Zumbiehl <florz@gmx.de>
Date: Sun, 1 Aug 2004 07:26:37 +0200
Message-id: <[🔎] 20040801052637.GB5253@florz.florz.dyndns.org>
In-reply-to: <1091222877.26528.55.camel@duke.gregfolkert.net>
References: <Pine.LNX.4.21.0407302155350.681-100000@hal.pp.fishpool.fi> <1091222877.26528.55.camel@duke.gregfolkert.net>

Hi,

I just noticed this thread ...

> Now, a specific switch passed onto ghostscript needs to be used to fix
> the issue.
> 
> From the gs man page:
> 
>         -dSAFER 
>                 Disables the "deletefile" and "renamefile" operators and
>                 the ability to open files in any mode other than
>                 read-only. This is desirable for spoolers or any other
>                 environments where a malicious or badly written
>                 PostScript program must be prevented from changing
>                 important files.
> 
> This is what he is spouting about, I think.

Yep, that's one of the four issues, meanwhile bug #262402:

| "File operations" refers to the postscript program that is executed by
| ghostscript here. Something along the lines of -dSAFER is needed to
| make this safe, however I'm not sure as to which options are needed.
| Maybe, it can't be made safe at all if gs is run as root.

-dSAFER probably is much better than nothing, but are you sure that it's
sufficient? Isn't it still possible to read arbitrary files with root
privileges?

Cya, Florian

Reply to:

Next by Date: Re: advice needed on how to proceed
Next by thread: Re: advice needed on how to proceed
Index(es):
- Date
- Thread