Dear Moritz,

> I looked into this during DebConf: We could modify the default ...
> but this would cause regressions ...

Yes. All those who wish to call gs in unsafe ways, can (should!)
explicitly use -P (and -NOSAFER). The alternative is to ensure all
Debian packages explicitly use -P-, but that was "voted down" and
branded "mass bug filing".

We have a duty of care to the simple user, who innocently types
  gs myfile.ps
or for whom such is run by his mail client or whatever.

> I suppose implementing a filepath check as suggested by Werner Fink
> is the best course of action.

Do you mean http://bugs.ghostscript.com/show_bug.cgi?id=691350#c18 ?
Is not that "search only in /usr/share/ghostscript" idea even more
restrictive than -P- which excludes "." only?

Cheers, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


