[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: doc-view and mailcap

From: Reiner Steib
Subject: Re: doc-view and mailcap
Date: Wed, 17 Oct 2007 19:59:41 +0200
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1.50 (gnu/linux)

On Wed, Oct 17 2007, Richard Stallman wrote:

>     I didn't have time to try doc-view yet [...], so I don't know if
>     doc-view makes sense for attachments.
> Would you please report back when you are able to try it?

I had a quick look at `doc-view.el'.  There's a security issue when
using `doc-view' in mailcap.  mailcap attempts to use a safe viewer
with the safest options[1], e.g. it calls gv, gs and xdvi with the
"-safer" option [2].  AFAICS, `doc-view' doesn't use such options.  At
least "-dSAFER" should be added in `doc-view-ghostscript-options' and
`doc-view-ps2pdf-program' (or a new variable
`doc-view-ps2pdf-options'?) when used with mailcap (or even always?).
I don't know if similar security options are available for dvipdfm and

Bye, Reiner.

,----[ (info "(emacs-mime)Display Customization") ]
| `mm-enable-external'
|      Indicate whether external MIME handlers should be used.
|      If `t', all defined external MIME handlers are used.  If `nil',
|      files are saved to disk (`mailcap-save-binary-file').  If it is
|      the symbol `ask', you are prompted before the external MIME
|      handler is invoked.
|      When you launch an attachment through mailcap (*note mailcap::) an
|      attempt is made to use a safe viewer with the safest options--this
|      isn't the case if you save it to disk and launch it in a different
|      way (command line or double-clicking).  Anyhow, if you want to be
|      sure not to launch any external programs, set this variable to
|      `nil' or `ask'.


,----[ M-x occur RET safer RET ]
| 4 matches for "safer" in buffer: mailcap.el
|      94:      (viewer . "xdvi -safer %s")
|     140:      (viewer . "gv -safer %s")
|     160:      (viewer . "gv -safer %s")
|     166:      (viewer . "ghostview -dSAFER %s")

,----[ gv(1) ]
|       -safer, -nosafer
|               Whether to start ghostscript with the -dSAFER option.

,----[ gs(1) ]
|       -dSAFER
|               Disables  the "deletefile"  and  "renamefile" operators
|               and the  ability to open  files in any mode  other than
|               read-only.   This  strongly  recommended for  spoolers,
|               conversion  scripts  or  other  sensitive  environments
|               where a badly   written or malicious PostScript program
|               code must be prevented from changing important files.

,----[ xdvi(1) ]
|       -safer
|               (.safer)  This option turns  on all  available security
|               options; it is designed for  use when xdvi is called by
|               a browser that  obtains a dvi or TeX  file from another
|               site.  This option selects +nogssafer and +allowshell.
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]