On Tue, Jun 01, 2010 at 11:33:33AM +1000, Paul Szabo wrote: > Please note remote execute-any-code security bugs in ghostscript: > > http://bugs.debian.org/583183 > > This package suggests ghostscript, and may be affected. Please > evaluate the security of this package, and fix if needed.
Thanks for the heads-up. sdf doesn't change the current directory. It uses Ghostscript in some cases to convert between figure formats (although it doesn't call it directly, only via wrapper scripts such as ps2epsi which don't offer sdf any control over whether -P- is used). Figures are imported files, not generated by sdf itself. I would expect that sdf is almost always invoked in a user's working directory, and the fact that it never tries to change to /tmp or whatever should be sufficient to avoid problems. If a user invokes it in /tmp, then they might expect problems given that sdf has open-arbitrary-file constructs of its own. Is that good enough for you, or are you trying to achieve a higher level of assurance? If the latter, what could sdf reasonably do here? Thanks, -- Colin Watson [cjwat...@debian.org] -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
