[gs-bugs] [Bug 691350] gs_init.ps tried in current dir despite -P-
bugzilla-daemon at ghostscript.com
bugzilla-daemon at ghostscript.com
Mon Jul 12 07:45:06 UTC 2010
http://bugs.ghostscript.com/show_bug.cgi?id=691350
--- Comment #18 from Dr. Werner Fink <werner at suse.de> 2010-07-12 07:45:02 UTC ---
@Ray: It is a simple security risk to allow reading configuration files
from the working directory. Think about /tmp or /var/tmp and
a modified gs_init.ps ... or a simply tar or zip archive including
such a modified gs_init.ps. With this any user of gs will become
an attack victim. Maybe the search scheme should be able to detect
if a file is part of the tree below /usr/share/ghostscript/<version>
and accept any path below this even if not explicitly mentioned in
the default GS_LIB path.
For glibc based systems the way could be the clibc function call
realpath(3) which is declared for (_BSD_SOURCE || _XOPEN_SOURCE >= 500)
with the real path of /usr/share/ghostscript/<version> in comparision
to any real path of a configuration file it is possible to determine
if the last one is below to the first one.
--
Configure bugmail: http://bugs.ghostscript.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the gs-bugs
mailing list