Further gs issues. The "gs scripts" mentioned below are in /usr/bin:

  bdftops dumphint dvipdf eps2eps font2c gsbj gsdj gsdj500 gslj gslp
  gsnd pdf2dsc pdf2ps pdfopt pf2afm pfbtopfa printafm ps2ascii ps2epsi
  ps2pdf ps2pdf12 ps2pdf13 ps2pdf14 ps2pdfwr ps2ps ps2ps2 wftopfa

(maybe others?). The "bad code" is a non-issue (but illustrates quality
of ghostscript); the other issues are likely to be execute-any-code,
maybe remotely. Maybe the problems below should be "split" into separate
bugs.

---

Missing -P- and -dSAFER in scripts

Bernhard R. Link <brl...@debian.org> noticed that there is no -P- flag
on gs invocations in any gs scripts, many are also missing a -dSAFER.

Reported to ghostscript:
http://bugs.ghostscript.com/show_bug.cgi?id=691355

---

Relative filenames in scripts

Many gs scripts use "auxiliary" PS files. No absolute pathnames are
used, and thus are tried from "current directory" first, leading to
unsafe code execution.

Reported to ghostscript:
http://bugs.ghostscript.com/show_bug.cgi?id=691356

---

Bad code in scripts

Many gs scripts in /usr/bin contain code like:

  GS_EXECUTABLE=gs
  gs="`dirname $0`/$GS_EXECUTABLE"
  if test ! -x "$gs"; then
    gs="$GS_EXECUTABLE"
  fi
  GS_EXECUTABLE=gs

Surely that last line is meant to be

  GS_EXECUTABLE="$gs"

as is on "current" gs distribution. But even then is badly written,
should probably be:

  GS_EXECUTABLE=gs
  gs="`dirname $0`/$GS_EXECUTABLE"
  if test -x "$gs"; then
    GS_EXECUTABLE="$gs"
  fi

---

Cheers, Paul

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
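
The first two issues in the report above can be checked mechanically. The following is an added example, not part of the original report or of ghostscript: a heuristic audit that flags gs invocations lacking -P- or -dSAFER and auxiliary .ps files named without an absolute path. The function name audit_gs_script and the sample wrapper are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the report: heuristic audit of gs wrapper scripts.
# audit_gs_script is a hypothetical helper name.

# audit_gs_script FILE
# Prints "FILE:LINE: finding" for every gs invocation that lacks -P- or
# -dSAFER, or that names an auxiliary .ps file without an absolute path.
# Flags passed indirectly (e.g. through $OPTIONS) are not seen.
# Exit status: 0 = no findings, 1 = findings.
audit_gs_script() {
    awk -v f="$1" '
    function report(msg) { printf "%s:%d: %s\n", f, start, msg; bad = 1 }
    /^[ \t]*#/ { next }                  # ignore comment lines
    {
        # Join backslash-continued lines into one logical command.
        if (cont == "") start = NR
        line = cont $0; cont = ""
        if (line ~ /\\$/) { cont = substr(line, 1, length(line) - 1) " "; next }
        s = " " line " "                 # pad so flags at either end match
    }
    # gs, "$gs" or "$GS_EXECUTABLE" in command position with arguments.
    s ~ /[ \t;|&(](exec[ \t]+)?"?([$]GS_EXECUTABLE|[$]gs|gs)"?[ \t]+[^ \t;|&)]/ {
        if (s !~ /[ \t"]-P-[ \t"]/)     report("missing -P-")
        if (s !~ /[ \t"]-dSAFER[ \t"]/) report("missing -dSAFER")
        n = split(line, w, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (w[i] ~ /^[A-Za-z0-9_.-]+\.ps$/)
                report("relative auxiliary file " w[i])
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample wrapper (not a real Debian file) to demonstrate the check.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sample-wrapper" <<'EOF'
#!/bin/sh
GS_EXECUTABLE=gs
exec "$GS_EXECUTABLE" -q -dNODISPLAY \
    -- pf2afm.ps "$@"
EOF
audit_gs_script "$demo_dir/sample-wrapper" || true
rm -rf "$demo_dir"
```

Run over each wrapper with a loop such as `for f in /usr/bin/ps2pdf*; do audit_gs_script "$f"; done`; findings still need a manual read, since the match is textual.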