Package: ghostscript
Version: 8.62.dfsg.1-3.2lenny1
Severity: grave
File: /usr/bin/gs
Tags: security
Justification: user security hole


Please see
  http://bugs.ghostscript.com/show_bug.cgi?id=691339
for details, quoted below for completeness.

I am not convinced that my "security wrapper" protects in all cases,
or that it does not prevent some "safe" usage.

Cheers,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


---
Referring to:
  http://bugs.ghostscript.com/show_bug.cgi?id=691316
  http://www.securityfocus.com/archive/1/511433

I see that gs tries many files in (under) current directory
at startup, so it is dangerous to do e.g.
  cd /tmp; gs any.ps

To see list of files that gs tries, use:
  strace -omylog gs; grep '"\./' mylog | sort -u

I now use a security wrapper (attached), to protect.


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ghostscript depends on:
ii  debconf [debc 1.5.24                     Debian configuration management sy
ii  debianutils   2.30                       Miscellaneous utilities specific t
ii  defoma        0.11.10-0.2                Debian Font Manager -- automatic f
ii  gs-common     8.62.dfsg.1-3.2lenny1      Dummy package depending on ghostsc
ii  gsfonts       1:8.11+urwcyr1.0.7~pre44-3 Fonts for the Ghostscript interpre
ii  libc6         2.7-18lenny2               GNU C Library: Shared libraries
ii  libgs8        8.62.dfsg.1-3.2lenny1      The Ghostscript PostScript/PDF int

Versions of packages ghostscript recommends:
ii  psfontmgr                    0.11.10-0.2 PostScript font manager -- part of

Versions of packages ghostscript suggests:
ii  ghostscript-x      8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
pn  hpijs              <none>                (no description available)

-- no debconf information
#!/bin/bash -

# Wrapper for gs thus for:
#   /usr/bin/ghostscript
#   /usr/bin/gs
#   /usr/bin/gsbj
#   /usr/bin/gsdj
#   /usr/bin/gsdj500
#   /usr/bin/gslj
#   /usr/bin/gslp
#   /usr/bin/gsnd

if [ ! -O . ]; then
  cat <<'EOF'

Current directory '.' is unsafe!
Cannot run gs here, see:
  Ghostscript 8.64 executes random code at startup
    http://www.securityfocus.com/archive/1/511433
  Bug 691339 -  Insecure gs initialization
    http://bugs.ghostscript.com/show_bug.cgi?id=691339

(Please see Paul Szabo if this causes problems.)
EOF
  exit 1
fi

# Run the real binary in /usr/bin under the name this wrapper was invoked as.
c="${0##*/}"
exec "/usr/bin/$c" "$@"
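
An added example, not part of the original report or its attached wrapper: a stricter variant of the wrapper's `-O .` test that also refuses a directory the user owns but that group or others can write to. The helper names `cwd_is_safe` and `run_guarded` are hypothetical, and treating every group-writable directory as unsafe is an assumption that may refuse some safe uses.

```bash
#!/bin/bash -
# Added example, not the wrapper from the report.
# cwd_is_safe and run_guarded are hypothetical helper names.

# Succeed only if DIR (default ".") is a directory owned by the
# effective user and not writable by group or others.
cwd_is_safe() {
  _dir="${1:-.}"
  # Keep find from parsing an odd name (e.g. "-x") as an option.
  case "$_dir" in
    /*|.|./*) ;;
    *) _dir="./$_dir" ;;
  esac
  [ -d "$_dir" ] || return 1
  # Same ownership test as the original wrapper.
  [ -O "$_dir" ] || return 1
  # find prints the directory itself if its group- or other-write bit is set.
  _hit=$(find -H "$_dir" -prune \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)
  [ -z "$_hit" ]
}

# Run a command only when the current directory passes the check.
run_guarded() {
  if ! cwd_is_safe .; then
    echo "Current directory '.' is unsafe, refusing to run: $1" >&2
    return 1
  fi
  "$@"
}

# A wrapper would end with, for example:
#   run_guarded /usr/bin/gs "$@"
```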
