On Fri, 2004-07-30 at 15:06, Martin-Éric Racine wrote:
> (note: I'm not subscribing to this list, please CC me)
>
> Bug#259993 was submitted on one of my packages, tagged as a security risk.
>
> Upstream has been quite cooperative in asserting the gravity and is very willing
> to fix anything that the submitter can demonstrate. The problem is that some of
> the submitter's claims appear questionable and that he refuses to substantiate.
>
> I'm tempted to tag this as wont-fix, but would like this list's input first.

This I believe is the same "bug" or "Security Risk" that caused our
Mozilla Packager to remove the PS print engine from Mozilla and package
it that way.

Now, a specific switch passed on to ghostscript needs to be used to fix
the issue.

From the gs man page:

    -dSAFER
        Disables the "deletefile" and "renamefile" operators and
        the ability to open files in any mode other than
        read-only. This is desirable for spoolers or any other
        environments where a malicious or badly written
        PostScript program must be prevented from changing
        important files.

This is what he is spouting about, I think.

Cheers.
--
greg, [EMAIL PROTECTED]
The technology that is
Stronger, better, faster: Linux
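An added example, not part of the original message or of any package discussed in it: a shell function that audits print filter scripts for Ghostscript invocations lacking the -dSAFER switch quoted above. The function names, file names and sample filters are constructed for illustration; -dNOSAFER is Ghostscript's switch for turning the restriction back off, so it is flagged as well.

```shell
#!/bin/sh
# audit_gs_safer FILE...
# Prints "file:line: command" for each Ghostscript call that lacks -dSAFER
# or carries -dNOSAFER. Exit status is 1 if anything was flagged, else 0.
audit_gs_safer() {
    awk '
    function check(cmd, where,    s) {
        s = " " cmd " "
        # "gs" as a command word, bare or with a path (not "args", "gs_opts")
        if (s !~ "[ \t;|&(/]gs[ \t]") return
        if (s ~ /-dNOSAFER/ || s !~ /-dSAFER/) {
            print where ": " cmd
            bad = 1
        }
    }
    {
        if (cont) { line = line " " $0 } else { line = $0; start = FNR }
        # Join backslash-continued lines so switches on later lines count.
        cont = (line ~ /\\$/)
        if (cont) { sub(/[ \t]*\\$/, "", line); next }
        if (line !~ /^[ \t]*#/) check(line, FILENAME ":" start)
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample filters for the demonstration, not from any package.
write_samples() {
    cat > "$1/filter-ok" <<'EOF'
#!/bin/sh
# gs runs with the switch from the man page
exec gs -q -dSAFER -dBATCH -dNOPAUSE \
    -sDEVICE=ljet4 -sOutputFile=- -
EOF
    cat > "$1/filter-bad" <<'EOF'
#!/bin/sh
args="-q -dBATCH"
/usr/bin/gs $args -dNOPAUSE \
    -sDEVICE=ljet4 -sOutputFile=- -
cat "$1" | gs -q -dNOSAFER -sDEVICE=ljet4 -sOutputFile=- -
EOF
}
```

The check is textual: switches supplied through a variable such as `$args` are not expanded, so a flagged line means "verify by hand", not proof that the call is unrestricted.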

