Secure testing team - May 2010 - Bug#583183: /usr/bin/gs: Insecure gs initialization

Package: ghostscript
Version: 8.62.dfsg.1-3.2lenny1
Severity: grave
File: /usr/bin/gs
Tags: security
Justification: user security hole


Please see
  http://bugs.ghostscript.com/show_bug.cgi?id=691339
for details, quoted below for completeness.

I am not convinced that my "security wrapper" protects in all cases,
or that it does not prevent some "safe" usage.

Cheers,

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


---
Referring to:
  http://bugs.ghostscript.com/show_bug.cgi?id=691316
  http://www.securityfocus.com/archive/1/511433

I see that at gs tries many files in (under) current directory
at startup, so it is dangerous to do e.g.
  cd /tmp; gs any.ps

To see list of files that gs tries, use:
  strace -omylog gs; grep ''"\./'' mylog | sort -u

I now use a security wrapper (attached), to protect.


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, ''stable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-pk03.17-svr (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ghostscript depends on:
ii  debconf [debc 1.5.24                     Debian configuration management sy
ii  debianutils   2.30                       Miscellaneous utilities specific t
ii  defoma        0.11.10-0.2                Debian Font Manager -- automatic f
ii  gs-common     8.62.dfsg.1-3.2lenny1      Dummy package depending on ghostsc
ii  gsfonts       1:8.11+urwcyr1.0.7~pre44-3 Fonts for the Ghostscript interpre
ii  libc6         2.7-18lenny2               GNU C Library: Shared libraries
ii  libgs8        8.62.dfsg.1-3.2lenny1      The Ghostscript PostScript/PDF int

Versions of packages ghostscript recommends:
ii  psfontmgr                    0.11.10-0.2 PostScript font manager -- part of

Versions of packages ghostscript suggests:
ii  ghostscript-x      8.62.dfsg.1-3.2lenny1 The GPL Ghostscript PostScript/PDF
pn  hpijs              <none>                (no description available)

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gs
Type: text/x-shellscript
Size: 589 bytes
Desc: not available
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100526/cf905033/attachment.bin>