Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-30 Thread paul . szabo
I wrote a few days ago: >> So "-P-" may work with GNU gv - but some testing would help before >> changing the defaults. > > I will try to dig up the file I was testing with, and re-do the tests. > My vague memory is that the layout of the two-page-per-sheet file > changed with -P-. File sent pri

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Bernhard R. Link
* Markus Steinborn [100529 19:52]: > Something goes completely wrong (__not__ running Debian): I realized that, too. I've written two mails to http://bugs.debian.org/58183: Ghostscript seems to simply ignore the -P- option (or rather does something, but without any effect). Anyone has a ghostscr

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
Something goes completely wrong (__not__ running Debian):
mstei...@acer:/tmp/2>cp /usr/share/cups/data/testprint.ps .
mstei...@acer:/tmp/2>touch gs_init.ps
mstei...@acer:/tmp/2>gs -P- -dSAFER testprint.ps
GPL Ghostscript 8.71: Initialization file gs_init.ps does not begin with an integer.
mste

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Bernhard R. Link
* Markus Steinborn [100529 12:49]: > Well, the DSC parsing seems to be "-dSAFER"-incompatible. But with the > following settings I can open ps and pdf files - and pdf to postscript > conversion has successfully been tested on an example. Looking at the commit that introduced removing the path

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
paul.sz...@sydney.edu.au wrote: Sorry, but my ltrace or strace shows otherwise: gv does NOT use mkstemp, gv does NOT open the file but gs does. (Thankfully gv seems to set a sane "umask 077" before invoking gs.) Well, that may be explained that Debian lenny is shipped with a rather old ver

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread paul . szabo
Markus Steinborn wrote: > Well, the DSC parsing seems to be "-dSAFER"-incompatible. But with the > following settings I can open ps and pdf files - and pdf to postscript > conversion has successfully been tested on an example. > > $ cat .gv > GV.gsArguments: -P- -dFIXEDMEDIA > GV.antiali

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread paul . szabo
Markus Steinborn wrote: > vail.sz...@sydney.edu.au wrote: Surely you meant paul.sz...@sydney.edu.au . >> I wrote a while ago: >> >>> I slightly wonder about the writing of the tmp file >>> open("/tmp/gv_random_some.pdf.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) >>> from within gs (no O_EXCL

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
paul.sz...@sydney.edu.au wrote: Would it be possible to give the "unsafe" gs invocations an explicit -dNOSAFER or somesuch argument, to override whatever I may set in my wrapper, and to handle gs changing their defaults to secure settings? Dunno. But currently ghostscript upstream says: WO

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
Markus Steinborn wrote: Well, then I can close the bug upstream. But for Debian, it has to be kept open - as lenny is vulnerable. Addendum: Of course only the part of the original bug report that addresses file handling, not the options "-P-", "-dSAFE" and related.

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
Bernhard R. Link wrote: * Markus Steinborn [100529 12:49]: Well, the DSC parsing seems to be "-dSAFER"-incompatible. But with the following settings I can open ps and pdf files - and pdf to postscript conversion has successfully been tested on an example. Looking at the commit that

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
paul.sz...@sydney.edu.au wrote:
Yes that is what I do:
#!/usr/bin/perl --
#...
$c = $0; $c =~ s/.*\///;
exec "/usr/bin/$c", '-P-', '-dSAFER', @ARGV;
and my testing suggested it breaks gv.
Well, the DSC parsing seems to be "-dSAFER"-incompatible. But with the following settings I can open

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread paul . szabo
Markus Steinborn wrote:
> PS: If using a wrapper for calling "gs", make sure that "-P-" is added
> to the beginning of the parameters, not at the end. That may be a cause
> why GNU gv does not work with a wrapper.
Yes that is what I do:
#!/usr/bin/perl --
#...
$c = $0; $c =~ s/.*\///;
exec "/

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
vail.sz...@sydney.edu.au wrote: I wrote a while ago: I slightly wonder about the writing of the tmp file open("/tmp/gv_random_some.pdf.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) from within gs (no O_EXCL so would follow a symlink allowing clobber). It is not for gs to verify the secur

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-29 Thread Markus Steinborn
Bernhard R. Link wrote: * paul.sz...@sydney.edu.au [100527 06:39]: I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs: the (first?) invoked gs cannot have either of those "security options"

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-28 Thread Bernhard R. Link
* paul.sz...@sydney.edu.au [100527 06:39]: > I have been using a wrapper around gs that sets both -P- -dSAFER. > That seems to work fine for viewing PS files, but does NOT allow > gv to work for PDFs: the (first?) invoked gs cannot have either of > those "security options" when attempting "gv some

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-28 Thread paul . szabo
I guess this issue can be exploited remotely. If /etc/mailcap uses gs, then we are done: neither -P- nor -dSAFER are defaults. My Debian /etc/mailcap uses gv, and gv knows to use -dSAFER. First "feed" the victim a "bad" PS file named gs_res.ps or pdf_base.ps or similar. No harm done yet. Then "fe

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-27 Thread paul . szabo
I wrote a while ago: > I slightly wonder about the writing of the tmp file > open("/tmp/gv_random_some.pdf.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) > from within gs (no O_EXCL so would follow a symlink allowing clobber). It is not for gs to verify the security of the tmp file passed as argument (i

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-26 Thread paul . szabo
I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs: the (first?) invoked gs cannot have either of those "security options" when attempting "gv some.pdf". As with PS files, "gv /tmp/some.pdf" first d

Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

2010-05-26 Thread Paul Szabo
Package: gv Version: 1:3.6.5-2 Severity: grave File: /usr/bin/gv Tags: security Justification: user security hole Please see http://bugs.ghostscript.com/show_bug.cgi?id=691339 http://bugs.debian.org/583183 for details: gv should use the -P- switch when invoking gs. Thanks, Paul Paul Szabo