[994] in linux-announce channel archive


Re: Ghostscript problem

daemon@ATHENA.MIT.EDU (Lars Wirzenius)
Sat Sep 2 00:56:53 1995

Date: Fri, 1 Sep 1995 01:30:00 +0300
From: Lars Wirzenius <wirzeniu@cc.helsinki.fi>
To: linux-announce@vger.rutgers.edu

From: Lutz.Pressler@Unix.AMS.Med.Uni-Goettingen.DE (Lutz Pressler)
Subject: Re: Ghostscript problem
Organization: Univ. G"ottingen, Abt. Medizinische Statistik, Germany
Reply-To: Lutz Pressler <Lutz.Pressler@AMS.Med.Uni-Goettingen.DE>
Newsgroups: comp.os.linux.announce
Approved: linux-announce@news.ornl.gov (Lars Wirzenius)
Followup-to: comp.os.linux.setup

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

On Tue, 22 Aug 1995, Olaf Kirch wrote:
> There's another problem with ghostscript that makes you vulnerable to
> attacks via postscript code. Ghostscript has a file type that lets you
> execute arbitrary commands through the shell. While the -dSAFER option
> to gs protects you from ordinary file write/rename/removal attacks, it
> does not check for this special file type. 
[...]

> Please also make sure that all programs that use ghostscript set the -dSAFER
> option. ghostview 1.5 does by default, but version 1.4 does not.  I'd
> suggest you also check your ps printer filter if you print postscript
> files using gs, and xdvi if you use a version that uses ghostscript to
> display postscript \special's.  I checked only xdvi-20, and it's safe.
xdvi-18 (and xdvik 18d?), which is quite commonly used, is not.

As you cannot be sure who uses gs in which situations (calling it manually,
using distributed scripts,...) I asked myself who needs the file access
functionality etc anyway. Is there any "normal" postscript application
which uses those? I don't know any.

That's why I set "-dSAFER" once and for all on our systems here. This is 
quite easily possible without recompiling:

In {$GS_LIB}/gs_init.ps comment out those two lines which implement
the "if SAFER" condition:

  SAFER not { (%END SAFER) .skipeof } if

and

  %END SAFER

(put "% " (without ", of course) in front of them), or simply
delete them.

That should prohibit this kind of attack.

Regards,
  Lutz



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

-----END PGP SIGNATURE-----

--
Lutz Pre"sler      <URL:http://www.AMS.Med.Uni-Goettingen.DE/~lpressl1/>
Systemverwaltung -- Abt. Medizinische Statistik, Universit"at G"ottingen
Humboldtallee 32, D-37073 G"ottingen, Tel.: +49(0551) 39-9774 FAX: -4995
<Lutz.Pressler@AMS.Med.Uni-Goettingen.DE> [PGP-key:WWW&Keyserver] IRC:lp

--
Send comp.os.linux.announce submissions to: linux-announce@news.ornl.gov
PLEASE remember a short description of the software.
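
The edit described in the message above, as an added shell example that is not part of the original post or of Ghostscript: it comments out the two guard lines in a gs_init.ps file, keeps a backup, and refuses to touch a file that does not contain exactly those two lines. It assumes the guards appear as quoted in the post; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example: make the SAFER block in gs_init.ps unconditional by
# commenting out its two guard lines, as described in the post.
# The guard text is taken from the post; leading whitespace may vary.
GUARD_OPEN='SAFER not { (%END SAFER) .skipeof } if'
GUARD_CLOSE='%END SAFER'

# count_active FILE: print how many guard lines are still active.
count_active() {
    awk -v o="$GUARD_OPEN" -v c="$GUARD_CLOSE" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line == o || line == c { n++ }
        END { print n + 0 }' "$1"
}

# force_safer FILE: comment out both guards in place, keeping FILE.orig.
# Returns 0 when patched (or already patched), 1 when the file does not
# contain exactly the two expected guards, 2 on I/O errors.
force_safer() {
    f=$1
    active=$(count_active "$f") || return 2
    if [ "$active" -eq 0 ]; then
        # Already patched, or a gs_init.ps with a different layout.
        grep -q '^% *SAFER not { (%END SAFER) \.skipeof } if' "$f"
        return
    fi
    [ "$active" -eq 2 ] || return 1
    cp -p "$f" "$f.orig" || return 2
    awk -v o="$GUARD_OPEN" -v c="$GUARD_CLOSE" '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line == o || line == c { print "% " $0; next }
        { print }' "$f.orig" > "$f" || return 2
    [ "$(count_active "$f")" -eq 0 ]
}

# Usage: sh force_safer.sh /path/to/gs_init.ps   (script name is hypothetical)
if [ "$#" -eq 1 ]; then
    force_safer "$1" && echo "SAFER is now unconditional in $1"
fi
```

A non-zero return means the file was left unchanged and should be inspected by hand before assuming the SAFER block is active.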

