[gs-bugs] [Bug 691339] Insecure gs initialization
bugzilla-daemon at ghostscript.com
Thu May 27 16:26:29 UTC 2010
http://bugs.ghostscript.com/show_bug.cgi?id=691339
daw-bugzilla at taverner.cs.berkeley.edu changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |daw-bugzilla at taverner.cs.berkeley.edu
--- Comment #6 from daw-bugzilla at taverner.cs.berkeley.edu 2010-05-27 16:26:28 UTC ---
I'm surprised this was closed as WONTFIX. This seems like a security hole to
me.
Saying that it works "as documented" misses the point; the documented behavior
is a security risk.
Hin-Tak Leung writes
> Also it is by design - files specified on the command line are searched for in
> the same way as internal library files. They are both postscript instructions
> and there is no reason to treat them different.
It may be by design, but if so, the design is flawed, because the design is a
security risk.
There is a good reason to treat files under the current directory differently
from internal library files: security. They have a different trust status.
Postscript files in a non-user-modifiable library may be trusted, but I
shouldn't need to trust every file that may be lying around in /tmp (those
files might have been created by another user on the system who is malicious).
There's a good reason that security folks tell people not to put "." in your
PATH.
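The trust distinction argued in the comment above, shown as an added example that is not part of the original message and is not Ghostscript code: a Python audit of a search-path string that flags entries resolving against the current directory or writable by other users. The function name, reason strings and sample directories are assumptions made for illustration (POSIX only), and only each entry itself is checked, not its parent directories.

```python
import os
import stat
import tempfile


def audit_search_path(path, trusted_uids=None, sep=os.pathsep):
    """Return (entry, reason) pairs for search-path entries that should not be trusted."""
    if trusted_uids is None:
        # Assumption: only root and the invoking user may own a trusted directory.
        trusted_uids = {0, os.getuid()}
    findings = []
    for entry in path.split(sep):
        # An empty or relative entry ("." included) resolves against whatever
        # directory the process was started in, e.g. /tmp.
        if entry == "" or not os.path.isabs(entry):
            findings.append((entry, "relative: resolves against the current directory"))
            continue
        try:
            st = os.stat(entry)
        except OSError:
            findings.append((entry, "missing: cannot be verified"))
            continue
        if not stat.S_ISDIR(st.st_mode):
            findings.append((entry, "not a directory"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((entry, "owned by untrusted uid %d" % st.st_uid))
        # The sticky bit does not help here: other users can still create files.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "group- or world-writable"))
    return findings


if __name__ == "__main__":
    # Constructed sample: one private library directory, ".", and a /tmp-like directory.
    base = tempfile.mkdtemp()
    lib = os.path.join(base, "lib")
    shared = os.path.join(base, "shared")
    os.mkdir(lib)
    os.chmod(lib, 0o755)
    os.mkdir(shared)
    os.chmod(shared, 0o1777)
    for entry, reason in audit_search_path(os.pathsep.join([lib, ".", shared])):
        print("%r: %s" % (entry, reason))
```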