Message-Id: <201005270051.o4R0pU73024938@bari.maths.usyd.edu.au>
Date: Thu, 27 May 2010 10:51:30 +1000
From: paul.szabo@...ney.edu.au
To: bugtraq@...urityfocus.com
Subject: Re: Ghostscript 8.64 executes random code at startup

The ghostscript people in
  http://bugs.ghostscript.com/show_bug.cgi?id=691339
told me to use the -P- switch, and marked it "RESOLVED WONTFIX".
I guess -P- should be the default, as well as -dSAFER should be.

The way gv invokes gs is "wrong". For example, using the command
  gv /tmp/any.ps
will do:
  chdir("/tmp/")
  execve(..., "gs", ... "-dSAFER", ... "any.ps", ...) 
So gv is careful to use -dSAFER but does not know about -P-.
I notified
  bug-gv@....org
about this, see
  http://bugs.debian.org/583316
also.

Cheers, Paul

Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
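
The invocation pattern described in the message above (a chdir() followed by an execve() of gs with -dSAFER but without -P-) can be checked for in process traces. The following is an added example, not part of the original post: the function name, the strace-style line format, and the sample PIDs and paths are constructed for illustration.

```python
import re
from os.path import basename

REQUIRED = ("-dSAFER", "-P-")  # the two switches named in the message
CHDIR = re.compile(r'^(?:(\d+)\s+)?chdir\("([^"]*)"\)')
EXECVE = re.compile(r'^(?:(\d+)\s+)?execve\("([^"]*)",\s*\[(.*?)\]')
ARG = re.compile(r'"((?:[^"\\]|\\.)*)"')

def audit_gs_execs(trace_lines):
    """Return one finding per gs execve that lacks a required switch."""
    cwd = {}       # pid -> last directory passed to chdir()
    findings = []
    for line in trace_lines:
        line = line.strip()
        m = CHDIR.match(line)
        if m:
            cwd[m.group(1)] = m.group(2)
            continue
        m = EXECVE.match(line)
        if not m:
            continue
        pid, path, raw_args = m.groups()
        argv = ARG.findall(raw_args)
        if "gs" not in (basename(path), basename(argv[0]) if argv else ""):
            continue   # not a Ghostscript invocation
        missing = [s for s in REQUIRED if s not in argv]
        if missing:
            findings.append({"pid": pid, "cwd": cwd.get(pid),
                             "argv": argv, "missing": missing})
    return findings

# Constructed sample in the style of `strace -f` output (not a real capture).
SAMPLE = '''\
4100 chdir("/tmp/") = 0
4100 execve("/usr/bin/gs", ["gs", "-dSAFER", "-dNOPAUSE", "any.ps"], [/* 30 vars */]) = 0
4200 chdir("/home/user/docs") = 0
4200 execve("/usr/bin/gs", ["gs", "-P-", "-dSAFER", "report.ps"], [/* 30 vars */]) = 0
4300 execve("/bin/ls", ["ls", "-l"], [/* 30 vars */]) = 0
'''.splitlines()

if __name__ == "__main__":
    for f in audit_gs_execs(SAMPLE):
        print(f"pid {f['pid']} cwd={f['cwd']} missing={f['missing']} argv={f['argv']}")
```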
