[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug-gv] Re: Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"

From: Markus Steinborn
Subject: [bug-gv] Re: Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-"
Date: Sat, 29 May 2010 09:35:37 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; de; rv: Gecko/20100317 SeaMonkey/2.0.4

Bernhard R. Link schrieb:
* address@hidden<address@hidden>  [100527 06:39]:
I have been using a wrapper around gs that sets both -P- -dSAFER.
That seems to work fine for viewing PS files, but does NOT allow
gv to work for PDFs: the (first?) invoked gs cannot have either of
those "security options" when attempting "gv some.pdf".

As with PS files, "gv /tmp/some.pdf" first does "chdir /tmp" then
invokes gs, which is rather unsafe without -P-.
I guess the reason why it changes the directory and why -P- is not
working here is that the pdf is opened by some postscript code and will
not find it with relative path.

There seems explicit code in gv to make sure that filename is always
relative which has a comment:
"/* Strip off directory from p to satisfy GS 8.00 security change */"
Both are introduced by the commit

commit c135e449c8aa5f08a6931355adc9f9704bde7fea
Author: Jose E. Marchesi <address@hidden>
Date:   Thu Mar 31 12:14:09 2005 +0000

    Applied the gs 8.0 SAFE patch from John Bowman

Therefore there is reason to believe that both, the chdir and the relative filename are needed for ghostscript 8.0.

By adjusting the settings in "State - Ghostscript options", you can add the requested "-P-" quite easy: Add "-P-" to arguments and to the beginning of "Scan PDF" and "Convert PDF". Let's start with this and test if this breaks something.

Greetings from Germany

Markus Steinborn
GNU gv maintainer

PS: If using a wrapper for calling "gs", make sure that "-P-" is added to the beginning of the parameters, not at the end. That may be a cause why GNU gv does not work with a wrapper.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]