|
From: | Markus Steinborn |
Subject: | [bug-gv] Re: Bug#583316: /usr/bin/gv: Insecure gs workaround "gs -P-" |
Date: | Sat, 29 May 2010 09:35:37 +0200 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.9) Gecko/20100317 SeaMonkey/2.0.4 |
Bernhard R. Link schrieb:
* address@hidden<address@hidden> [100527 06:39]:I have been using a wrapper around gs that sets both -P- -dSAFER. That seems to work fine for viewing PS files, but does NOT allow gv to work for PDFs: the (first?) invoked gs cannot have either of those "security options" when attempting "gv some.pdf". As with PS files, "gv /tmp/some.pdf" first does "chdir /tmp" then invokes gs, which is rather unsafe without -P-.I guess the reason why it changes the directory and why -P- is not working here is that the pdf is opened by some postscript code and will not find it with relative path. There seems explicit code in gv to make sure that filename is always relative which has a comment: "/* Strip off directory from p to satisfy GS 8.00 security change */"
Both are introduced by the commit commit c135e449c8aa5f08a6931355adc9f9704bde7fea Author: Jose E. Marchesi <address@hidden> Date: Thu Mar 31 12:14:09 2005 +0000 Applied the gs 8.0 SAFE patch from John BowmanTherefore there is reason to believe that both, the chdir and the relative filename are needed for ghostscript 8.0.
By adjusting the settings in "State - Ghostscript options", you can add the requested "-P-" quite easy: Add "-P-" to arguments and to the beginning of "Scan PDF" and "Convert PDF". Let's start with this and test if this breaks something.
Greetings from Germany Markus Steinborn GNU gv maintainerPS: If using a wrapper for calling "gs", make sure that "-P-" is added to the beginning of the parameters, not at the end. That may be a cause why GNU gv does not work with a wrapper.
[Prev in Thread] | Current Thread | [Next in Thread] |