On Sat, Jun 05, 2010 at 01:11:22PM +0200, Bernhard R. Link wrote: > Package: ghostscript > Version: 8.62.dfsg.1-3.2 > Severity: grave > Tags: security > > Ghostscript defaults to -P, that is to look for all files in the > current directory first. As this means that especially gs_init.ps > which is responsible for all security measures like honoring -dSAFER > can be replaced by a file in the local directory, it is relatively > easy to cause harm this way. > > One can argue that every gs user should get this right, but given > that most don't (not even gs' helper scripts, I'll file an different > bug report about that), I really think the default should change. > > see: http://bugs.ghostscript.com/show_bug.cgi?id=691339 for upstream's > opinion. > > For testing note that due to http://bugs.debian.org/584653 > -P- has no effect on gs_init.ps, so programs calling gs will even > be insecure if they are "fixed" to use -P-.
I looked into this during DebConf: We could modify the default load behaviour by setting SEARCH_HERE_FIRST=0 in base/Makefile.in, but this would cause regressions in applications calling Ghostscript: http://bugs.ghostscript.com/show_bug.cgi?id=691350 (Comment 17) I suppose implementing a filepath check as suggested by Werner Fink is the best course of action. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
