reopen 584026 reassign 584026 foomatic-filters thanks
Dear Chris, > ... doesn't apply to printconf. foomatic-filters is the only > Foomatic-related package that is affected by calling gs directly, > and I assume your mass-filed bug reports have hit that one too. Sorry, no. Seems my "pick out packages that depend on gs" did not find foomatic-filters, but it (wrongly?) found printconf. Also, I misunderstood you: thought that those foomatic things you spoke about were part of printconf. > If they haven't, you can reopen and reassign this one ... Doing so (attempting) now. > As for foomatic-filters itself: the only files specified on the > command line are /dev/fd/0 and /dev/fd/3, and gs is called with > -DPARANOIDSAFER (which appears to be equivalent to -DSAFER nowadays). > That would seem to narrow the vulnerability window, assuming only > files in /dev/fd could be accessed ... Sorry, you seem to mis-understand the bug. If the command is ever run in a writable directory say after "cd /tmp" then an attacker can cause to run code as the user running foomatic. Say, this is for printing: then surely users can send print files; if they have some control over the name, and foomatic runs in that directory, then it is doomed. Thanks for your help. Cheers, Paul Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
