On Mon, 28 Aug 2006, John D. Hardin wrote:
> A poll for the list: do you consider it reasonable for a plugin to
> require ghostscript?
>
> (Assume for the sake of argument that rendering postscript is
> necessary to the analysis the plugin is performing.)

Are you proposing that data coming from the big, bad internet
should be fed into ghostscript?  If so, I would be a little
uncomfortable with that idea since postscript is a language and
ghostscript is an interpreter for that language.  This raises
all the same issues as sandboxing untrusted java applets.

I can see, looking at the manual page, that there is a
"-dSAFER" option.  This is probably necessary but may or may
not be sufficient to eliminate any risk from running untrusted
postscript.  I'm not really sure.  At any rate, the point is
that this is a potential security issue to be aware of.

  - Logan
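
An added example, not part of the original message or of any plugin's code: one way to treat "-dSAFER" as only one layer, by also running ghostscript with OS resource limits, a scratch directory and a wall-clock timeout on a POSIX host. The function names, limit values and output device are assumptions chosen for illustration.

```python
import os
import resource
import subprocess

# Assumed limits; tune per deployment.
CPU_SECONDS = 10
OUTPUT_BYTES = 32 * 1024 * 1024
MEMORY_BYTES = 512 * 1024 * 1024


def build_gs_command(ps_path, out_path, gs_binary="gs"):
    """Argument list for a non-interactive render with -dSAFER enabled."""
    return [
        gs_binary,
        "-dSAFER",    # restrict file access from within PostScript
        "-dBATCH",    # exit when done instead of dropping to a prompt
        "-dNOPAUSE",  # never wait for a keypress between pages
        "-q",
        "-sDEVICE=png16m",
        "-sOutputFile=" + out_path,
        os.path.abspath(ps_path),  # absolute path cannot be parsed as a switch
    ]


def _cap(which, value):
    # Never ask for more than the hard limit already imposed on us.
    hard = resource.getrlimit(which)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, value))


def _apply_limits():
    # Runs in the child just before exec.
    _cap(resource.RLIMIT_CPU, CPU_SECONDS)
    _cap(resource.RLIMIT_FSIZE, OUTPUT_BYTES)
    _cap(resource.RLIMIT_AS, MEMORY_BYTES)


def render_untrusted(ps_path, workdir, gs_binary="gs", wall_timeout=20):
    """Render ps_path into workdir/page.png; return (ok, reason)."""
    cmd = build_gs_command(ps_path, os.path.join(workdir, "page.png"), gs_binary)
    try:
        proc = subprocess.run(
            cmd, cwd=workdir, env={"PATH": "/usr/bin:/bin"},
            stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL, preexec_fn=_apply_limits,
            timeout=wall_timeout, check=False)
    except FileNotFoundError:
        return False, "ghostscript not installed"
    except subprocess.TimeoutExpired:
        return False, "timeout"
    return proc.returncode == 0, "exit %d" % proc.returncode
```

Running the wrapper under a dedicated unprivileged account, with the caller owning and deleting `workdir`, adds a further layer that this sketch leaves to the deployment.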
