[gs-bugs] [Bug 691339] Insecure gs initialization

bugzilla-daemon at ghostscript.com
Thu May 27 16:26:29 UTC 2010


http://bugs.ghostscript.com/show_bug.cgi?id=691339

daw-bugzilla at taverner.cs.berkeley.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |daw-bugzilla at taverner.cs.berkeley.edu

--- Comment #6 from daw-bugzilla at taverner.cs.berkeley.edu 2010-05-27 16:26:28 UTC ---
I'm surprised this was closed as WONTFIX.  This seems like a security hole to
me.

Saying that it works "as documented" misses the point; the documented behavior
is a security risk.

Hin-Tak Leung writes
> Also it is by design - files specified on the command line are searched for in
> the same way as internal library files. They are both postscript instructions
> and there is no reason to treat them differently.

It may be by design, but if so, the design is flawed, because the design is a
security risk.

There is a good reason to treat files under the current directory differently
from internal library files: security.  They have a different trust status. 
Postscript files in a non-user-modifiable library may be trusted, but I
shouldn't need to trust every file that may be lying around in /tmp (those
files might have been created by another user on the system who is malicious).

There's a good reason that security folks tell people not to put "." in your
PATH.

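The trust distinction argued in Comment #6, written as a check a defender could run over any colon-separated search path. This is an added example, not part of the original message and not Ghostscript code; the function name `audit_search_path`, the reason strings and the sample path are assumptions made for illustration.

```python
import os
import stat


def audit_search_path(search_path, trusted_uids=None):
    """Return (entry, reason) pairs for entries another user could influence."""
    if trusted_uids is None:
        # Assumption: only root and the invoking user are trusted owners.
        trusted_uids = {0, os.getuid()}
    findings = []
    for entry in search_path.split(os.pathsep):
        # An empty entry or "." means "whatever directory I happen to be in",
        # which may be /tmp or another directory other users can write to.
        if entry in ("", "."):
            findings.append((entry, "current directory"))
            continue
        # Any other relative entry also resolves against the current directory.
        if not os.path.isabs(entry):
            findings.append((entry, "relative path"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            continue  # missing entry: not examined further in this sketch
        if not stat.S_ISDIR(st.st_mode):
            continue
        # Group- or world-writable: other users can plant files here. The
        # sticky bit on /tmp does not help, it only restricts deletion.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "writable by group or others"))
        elif st.st_uid not in trusted_uids:
            findings.append((entry, "owned by untrusted user"))
    return findings


if __name__ == "__main__":
    # Constructed sample path: one system directory, the current directory,
    # and a shared temporary directory.
    sample = os.pathsep.join(["/usr/share", ".", "/tmp"])
    for entry, reason in audit_search_path(sample):
        print(f"{entry!r}: {reason}")
```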