
Bug#618530: marked as done (gs -dSAFER: /invalidfileaccess with "run" operator)



Your message dated Thu, 04 Jan 2024 20:32:18 -0600
with message-id <13927800.RDIVbhacDa@riemann>
and subject line Re: ghostscript: cannot open OutputFile if -dSAFER specified with piped or interactive input
has caused the Debian Bug report #618530,
regarding gs -dSAFER: /invalidfileaccess with "run" operator
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
618530: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618530
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ghostscript
Version: 8.71~dfsg2-9
Severity: normal

The behavior of the -dSAFER flag has changed between versions of Ghostscript
in Lenny and Squeeze.  It now prevents -sOutputFile from working if the
input is taken interactively or from a pipe.  For example:

user@host:path$ gs -q -dSAFER -dSAFINTERPOLATE -dTextAlphaBits=4 -dGraphicsAlphaBits=4 -sDEVICE=ppmraw -r144 -sOutputFile=foo.ppm
GS>(foo.ps) run
Error: /invalidfileaccess in --run--
Operand stack:
   (foo.ps)   (r)
...

This is annoying for those of us who use pipes in scripts to generate graphics,
say for web applications.  Google did not show any obvious accounts of this.
At the very least, it should be documented in a changelog.

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ghostscript depends on:
ii  debconf [de 1.5.36.1                     Debian configuration management sy
ii  debianutils 3.4                          Miscellaneous utilities specific t
ii  gsfonts     1:8.11+urwcyr1.0.7~pre44-4.2 Fonts for the Ghostscript interpre
ii  libc6       2.11.2-10                    Embedded GNU C Library: Shared lib
ii  libgs8      8.71~dfsg2-9                 The Ghostscript PostScript/PDF int

ghostscript recommends no packages.

ghostscript suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
On Sat, 15 Oct 2011 20:28:44 -0500 Jonathan Nieder <jrnieder@gmail.com> wrote:
> unmerge 618530
> # just a regression
> severity 618530 important
> found 618530 ghostscript/9.04~dfsg-2
> tags 618530 + upstream
> forwarded 618530 http://bugs.ghostscript.com/show_bug.cgi?id=692602
> quit
> 
> Jonathan Nieder wrote:
> 
> > Confirmed: with version 8.71~dfsg2-6.1 running
> >
> > 	man -t ls >ls.1
> > 	echo '(ls.ps) run' | ghostscript -dSAFER
> >
> > fails with /invalidfileaccess, while with 8.71~dfsg2-6 it succeeds
> 
> Thanks again.  Let's see what upstream says.

From the referenced bug report, upstream says it is an intentional behaviour
change:

Ray Johnston 2012-02-18 22:32:06 UTC

It is EXACTLY the intent of SAFER mode (whether -dSAFER or -dDELAYSAFER)
to inhibit a (potentially malicious) PS program from reading, executing, 
deleting, renaming, etc. file systems that are not explicitly identified
by the invocation.

Paths that are named on the command line using -I___ will be added to
the "PermitFileReading" set of paths, but the CWD (i.e. '.') is NOT there
with 9.01+, so if it is desired, -P or -I. should be specified as an option.

This (as far as I can tell from the previous discussion) is working as
intended.


--- End Message ---
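
The workaround described in the upstream comment, as an added example that is not part of the original thread: a wrapper for the piped workflow from the report that keeps -dSAFER and names only the input file's directory with -I. The function names are hypothetical, and it is an assumption (based on the upstream comment about "PermitFileReading") that `run` accepts an absolute path under the -I directory.

```shell
#!/bin/sh
# Added example, not code from the bug thread. Function names are hypothetical.
# Assumption: a directory given with -I is readable under -dSAFER, as the
# upstream comment states, so only that one directory is exposed.

# Escape a path for a PostScript (...) string literal. Backslashes must be
# doubled first, then parentheses escaped, so a file name cannot end the
# string early and append operators of its own.
ps_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/(/\\(/g' -e 's/)/\\)/g'
}

# Print the -I option naming the single directory gs may read from.
gs_include_opt() {
    dir=$(cd "$(dirname "$1")" && pwd) || return 1
    printf '%s\n' "-I$dir"
}

# Print the one-line program piped to gs. The absolute path is used so the
# file falls under the -I directory instead of depending on the CWD.
ps_run_line() {
    dir=$(cd "$(dirname "$1")" && pwd) || return 1
    printf '(%s) run\n' "$(ps_escape "$dir/$(basename "$1")")"
}

# Render SRC to OUT with the device and resolution used in the report,
# feeding the "run" line on standard input.
render_safer() {
    src=$1
    out=$2
    inc=$(gs_include_opt "$src") || return 1
    ps_run_line "$src" | gs -q -dSAFER -dBATCH -dNOPAUSE "$inc" \
        -sDEVICE=ppmraw -r144 -sOutputFile="$out" -
}
```

Calling `render_safer foo.ps foo.ppm` corresponds to the session in the original report, with the read permission granted explicitly on the command line.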
