[gs-bugs] [Bug 691339] Insecure gs initialization
bugzilla-daemon at ghostscript.com
bugzilla-daemon at ghostscript.com
Thu May 27 12:56:47 UTC 2010
http://bugs.ghostscript.com/show_bug.cgi?id=691339
--- Comment #5 from Hin-Tak Leung <hintak at ghostscript.com> 2010-05-27 12:56:45 UTC ---
(In reply to comment #3)
> Not properly a gs issue, but the way gv invokes gs is "wrong". For
> example, using command
> gv /tmp/any.ps
> will do:
> chdir("/tmp/")
> execve(..., "gs", ... "-dSAFER", ... "any.ps", ...)
> So gv is careful to use -dSAFER but does not know about -P-. Maybe the
> documentation about -P- could be more forceful, maybe it could be made
> the default, or maybe -dSAFER could imply -P- also. I guess this is a
> "bug" in gv, and someone will need to notify them...
We can't control how other open-source projects use ghostscript - please
contact the relevant gv people in the regard, and we'd appreciate that.
(In reply to comment #4)
> I know you won't fix, but... a "proper" design would search $HOME
> or $HOME/.ghostscript for the various files, not current dir ".".
That's not a portable solution (does not work on windows) - and why would we
search $HOME? We just want -J GS_LIB to work, the current directory is simply a
convenience/business need. There is no reason to support loading from $HOME (or
a user-specific persistent preference).
--
Configure bugmail: http://bugs.ghostscript.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the gs-bugs
mailing list