On Sunday 19 April 2009 01:09:27 pm Bob Friesenhahn wrote: > On Sun, 19 Apr 2009, marti.ma...@littlecms.com wrote: > > Regarding being more secure... well, this is color management > > and not a security package, so probably Bob is right and all > > this effort may be pointless. What do you think? Giving a MD5 > > message digest would help? Do we need anything else? > > Lcms is important to security since ICC profiles can be contained in > random files from the Internet or other untrustable sources. This is > the only path which is any serious concern. Printing subsystems may > also use lcms and are likely to run as a different user than the > person who submitted the job, and the person who submitted the job may > have done so from another machine. The printing system should be > designed to limit the impact of such bugs.
Work is underway right now to make GhostScript fully compliant with the PDF V 1.7 and to write a new color management aware pdftoraster filter for CUPS based on the work being done on GhostScript. The intent is to move to a PDF based printing work flow that supports color management as part of CUPS much like the current system used on OS/X. OS/X uses CUPS and has a proprietary CUPS pdftoraster filter that does color management. The updates happening to GhostScript will utilize lcms at least initially and probably for a long time since no other open source cm engine has V4 support and lcms is the accepted standard for use on open source systems. Current GhostScript versions are using code from ArgyllCMS but only partly supports PDF v 1.3 and has no support for ICC V4 profiles. This work was discussed at length at the recent Linux Foundation Open Printing Summit in San Fransisco on April 10 but security issues were not talked about in any detail. I am sure that those working on this are very concerned about security issues related to the color management engine and profiles since this issue has been raised by the CUPS team on other email lists including the OpenICC list. So Bob's comments on this being a concern for the printing system folks is on the money. > > I create MD5 checksums for GraphicsMagick files but only as a > convenience for the user. In order for the MD5 checksum to be more > than a convenience it needs to be separately available from a known > secure source, or signed using some other means. For example your web > site is likely more trusted than some site which claims to be a mirror > site. > > A number of Linux (and maybe some *BSD and OS-X) distributions have > security problems with their packaging systems in that while they may > verify the downloaded file with a MD5 checksum, the MD5 checksum > itself is not signed or validated in any way and can be very easily > compromised. Commercial Linux (e.g. Red Hat & SuSe) are much more > secure since they don't rely on volunteer mirror sites. This > situation was documented in USENIX Login several months ago. > > Bob > -- > Bob Friesenhahn > bfrie...@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/ > GraphicsMagick Maintainer, http://www.GraphicsMagick.org/ > > --------------------------------------------------------------------------- >--- Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > Lcms-user mailing list > Lcms-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lcms-user ------------------------------------------------------------------------------ Stay on top of everything new and different, both inside and around Java (TM) technology - register by April 22, and save $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. 300 plus technical and hands-on sessions. Register today. Use priority code J9JMT32. http://p.sf.net/sfu/p _______________________________________________ Lcms-user mailing list Lcms-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lcms-user
