[327] in linux-security and linux-alert archive
Re: Ghostscript problem
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Wed Aug 23 18:00:33 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Wed, 23 Aug 1995 20:55:56 +0200 (MET DST)
In-Reply-To: <199508231327.PAA07359@mvmampc66.ciw.uni-karlsruhe.de> from "=?ISO-8859-1?Q?Thomas_K=F6nig?=" at Aug 23, 95 03:27:32 pm
Thomas Koenig wrote:
> What other programs are there which invoke gs transparently?
I just grepped my xv-3.00 binary, and found that it invokes /usr/bin/gs
somewhere. A grep for SAFER turned up -- nothing.
Does anyone volunteer to draw up a list of programs that use gs? Here's
a start, off the top of my head:
* ghostview. 1.4 is vulnerable, 1.5 is not.
* Web browsers: Mosaic, netscape, etc. Most seem to invoke ghostview
directly.
* metamail.
* Your postscript printer filter, if you use one.
* xdvi (v20 is safe)
* xdvi-k (18f is latest, and still lists -safer in the TODO section).
* xv (3.0 seems to be vulnerable).
* xfig. (3.1.3 is safe, don't know about earlier versions).
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir@brewhq.swb.de.
