[gs-bugs] [Bug 691356] New: Relative filenames in scripts

bugzilla-daemon at ghostscript.com bugzilla-daemon at ghostscript.com
Mon May 31 22:23:48 UTC 2010


           Summary: Relative filenames in scripts
           Product: Ghostscript
           Version: 8.64
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: critical
          Priority: P4
         Component: General
        AssignedTo: support at artifex.com
        ReportedBy: paul at maths.usyd.edu.au
         QAContact: gs-bugs at ghostscript.com
   Estimated Hours: 0.0

Many gs scripts use "auxiliary" PS files. No absolute pathnames are
used, and thus are tried from "current directory" first, leading to
unsafe code execution. Scripts in in /usr/bin:

  bdftops dumphint dvipdf eps2eps font2c gsbj gsdj gsdj500 gslj gslp
  gsnd pdf2dsc pdf2ps pdfopt pf2afm pfbtopfa printafm ps2ascii ps2epsi
  ps2pdf ps2pdf12 ps2pdf13 ps2pdf14 ps2pdfwr ps2ps ps2ps2 wftopfa

See also
Shame that GS developers do not know how to use GS safely.


Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Configure bugmail: http://bugs.ghostscript.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the gs-bugs mailing list