[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU GhostScript 7.05 comes with broken security "features"
From: |
Russell Lang |
Subject: |
Re: GNU GhostScript 7.05 comes with broken security "features" |
Date: |
Tue, 09 Jul 2002 10:36:29 GMT |
David,
Submit your bug report at
http://sourceforge.net/projects/ghostscript/
Your email to bug-gs has been seen and I have verified that
your bug report is reproducible. If you submit it to the bug list
on sourceforge it won't be forgotten.
GS 7.04 had a bug in the security code (unintended side
effects rather than holes), and the fix to this may have caused
the problem you report.
Russell
"David Kastrup" <address@hidden> wrote in message
news:address@hidden
>
> This was already available in 6.54 or so, and it is close to
> impossible to find a bug reporting address for GNU GhostScript.
>
> Basically,
> save .setsafe restore
>
> is _not_ a noop with regard to security settings: it irretrievably
> sets the secure operation mode. This renders the .runandhide
> operator ridiculous.
>
> GNU GhostScript got this wrong when it first backported this
> functionality from 7.03 AFPL GhostScript, and it seemingly still
> contains the broken backport in spite of being based off AFPL
> GhostScript 7.04 or so.
>
> This makes security management for persistent sessions (like in
> GhostView, or in preview-latex) impossible.
>
> With preview-latex, I will have to implement checking the version
> number and specifically disabling security for GhostScript 7.05.
> Please make sure that I will not have to do junk like that for future
> versions as well.
>
> Thanks,
>
> --
> David Kastrup, Kriemhildstr. 15, 44793 Bochum
> Email: address@hidden