[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28811: 11.90.2.2017-07-25; preview-at-point
|
From: |
David Kastrup |
|
Subject: |
bug#28811: 11.90.2.2017-07-25; preview-at-point |
|
Date: |
Sat, 04 Nov 2017 20:45:40 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
Ken Sharp <address@hidden> writes:
> At 18:16 04/11/2017 +0100, David Kastrup wrote:
>
>>It's rendering individual PostScript files in an order determined by
>>the current position in a viewer (in this case an Emacs file), and the
>>individual files are externally provided, so they may contain
>>malicious code.
>
> Provided they are in the current directory,
I am not sure that can be arranged.
> as far as I'm aware you don't need to break SAFER for them, because
> the Current worming directory is permitted. I can't recall if that
> requires -P- or not, it may do.
I am pretty sure that it didn't work by default.
>>Pretty much the principal reason for the existence of DELAYSAFER.
>
> DELAYSAFER is there to permit operations to be concluded that won't
> work if you have SAFER. This is, however, a massive security hole,
> there are nay number of implementations and 'recipes' out there which
> use SAFER and DELAYSAFER and never call .setsafe.
Not preview-latex. It isn't a "security hole" unless you make it one.
> Also WRITESYSTEMDICT and other things.
>
> In any event, DELAYSAFER hasn't changed.
It's pretty pointless unless one can use .runandhide to temporarily be
safe.
>>This uses Ghostscript interactively via pipes (or a tty, I forget
>>which): if there was a mode "be unsafe on the Ghostscript interpreter
>>command line and safe within files read from there", that would work.
>
> No way that Ghostscript can tell the difference, at the interpreter
> level, it all just comes in as streamed data.
Well, then it is .runandhide .
>>How are safe PostScript viewers to be implemented now?
>
> Well, you can use SAFER, you can even use DELAYSAFER, that has not
> changed. What I'm questioning is the use of .runandhide.
I repeat: the order of the files to be rendered is not known when
Ghostscript is started: that depends on where the viewer is paging when
Ghostscript has free capacities. This "render stuff currently on screen
first" thing is pretty important for maintaining good interactivity.
.runandhide is used for rendering one file safely, then get Ghostscript
back into a state where it is possible to tell it via pipe to its
command line what to do next.
--
David Kastrup
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Arash Esbati, 2017/11/03
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/04
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/04
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/04
- bug#28811: 11.90.2.2017-07-25; preview-at-point,
David Kastrup <=
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/06
bug#28811: 11.90.2.2017-07-25; preview-at-point, Arash Esbati, 2017/11/04