- Package:
- ghostscript
- Source:
- ghostscript
- Description:
- interpreter for the PostScript language and for PDF
- Submitter:
- "Ralph A. Smith"
- Date:
- 2024-01-05 02:51:07 UTC
- Severity:
- important
- Tags:
The behavior of the -dSAFER flag has changed between versions of Ghostscript in Lenny and Squeeze. It now prevents -sOutputFile from working if the input is taken interactively or from a pipe. For example: user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm GS>(foo.ps) run Error: /invalidfileaccess in --run-- Operand stack: (foo.ps) (r) ... This is annoying for those of us who use pipes in scripts to generate graphics, say for web applications. Google did not show any obvious accounts of this. At the very least, it should be documented in a changelog.
Hi Ralph, Ralph A. Smith wrote: Thanks for reporting. Could you try some versions among 8.71~dfsg2-6, 8.71~dfsg2-4, 8.71~dfsg2-3, 8.70~dfsg-2.1, and 8.64~dfsg-13 from snapshot.debian.org and let us know which ones work? Jonathan
Surprisingly, the invalid file access does not occur in any of the versions you suggested, but returns when I upgrade to the current version (8.71~dfsg2-9). For each case, I installed ghostscript, libgs8 and gs-common debs for the test.
fixed 618530 ghostscript/8.71~dfsg2-6 found 618530 ghostscript/8.71~dfsg2-6.1 found 618530 ghostscript/9.01~dfsg-2 tags 618530 + confirmed # regression severity 618530 important retitle 618530 gs -dSAFER: /invalidfileaccess with "run" operator forcemerge 414002 618530 quit Hi again, Ralph Smith wrote: man -t ls >ls.1 echo '(ls.ps) run' | ghostscript -dSAFER fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds (and if ghostscript-x is installed, renders the manpage). This has nothing to do with OutputFile, piped input, or relative paths --- something[1] has changed to make innocuous _reads_ break with -dSAFER. Michael, any hints? Jonathan [1] via debian/patches/1010_CVE-2010-2055.patch
unmerge 618530 # just a regression severity 618530 important found 618530 ghostscript/9.04~dfsg-2 tags 618530 + upstream forwarded 618530 http://bugs.ghostscript.com/show_bug.cgi?id=692602 quit Jonathan Nieder wrote: Thanks again. Let's see what upstream says.
NICE DAY, My name is Miss Angela, I pray that this letter meets you well,though we never meet or seen each other before, but I believe that nature has a way of bringing people together for specific purposes.If you need a friend Email me back,
From the referenced bug report, upstream says it is an intentional behaviour change: Ray Johnston 2012-02-18 22:32:06 UTC It is EXACTLY the intent of SAFER mode (whether -dSAFER or -dDELAYSAFER) to inhibit a (potentially malicious) PS program from reading, executing, deleting, renaming, etc. file systems that are not explicitly identified by the invocation. Paths that are named on the command line using -I___ will be added to the "PermitFileReading" set of paths, but the CWD (i.e. '.' is NOT there with 9.01+ so if it is desired -P or -I. should be specified as an option. This (as far as I can tell from the previous discussion) is working as intended.