Bug 53157 - Vulnerability in ghostscript thumbnail creation
Summary: Vulnerability in ghostscript thumbnail creation
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR normal
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 56808 (view as bug list)
Depends on:
Blocks:
 
Reported: 2003-01-19 13:37 UTC by Philipp Hullmann
Modified: 2003-04-09 23:10 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hullmann 2003-01-19 13:37:21 UTC
Version:            (using KDE Devel)
Installed from:    Compiled sources

A short glance at the latest version (1.10) of file kdebase/kioslave/thumbnail/gscreator.cpp revealed two problems:

- gs should be called with option -dSAFER, otherwise malicious PostScript files can delete, rename and overwrite files. This bug is present in the 3.0 branch as well, see my patch for bug 45001 for a fix.

- the paths for executables /usr/bin/gs and /usr/bin/dvips are hardcoded. There are lots of systems where neither live in /usr/bin, so this should at least be configurable.
Comment 1 Keith Winstein 2003-04-03 21:21:55 UTC
See also kghostview's bug ID 56808 ("Security hole (-dPARANOIDSAFER not used) allows arbitrary command execution").
Comment 2 Maksim Orlovich 2003-04-03 21:23:56 UTC
Forwarded to security@kde.org 
 
Comment 3 Dirk Mueller 2003-04-09 23:05:17 UTC
Fixed by KDE Security update in 3.0.5b / 3.1.1a of today.  
Comment 4 Dirk Mueller 2003-04-09 23:10:22 UTC
*** Bug 56808 has been marked as a duplicate of this bug. ***