oss-sec mailing list archives
Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default?
From: Tavis Ormandy <taviso () google com>
Date: Tue, 21 Aug 2018 07:48:22 -0700
On Tue, Aug 21, 2018 at 5:46 AM Tavis Ormandy <taviso () google com> wrote:
$ convert input.jpg output.gif uid=1000(taviso) gid=1000(taviso) groups=1000(taviso),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
My colleague Jann Horn pointed out evince (which uses libgs, which is affected with some tweaks to the PoC) is used to generate previews in Nautilus, which means previews can trigger code execution (see /usr/share/thumbnailers/evince.thumbnailer). I think it's possible to trigger that via file automatic download in a browser just by visiting a URL, but I haven't tested it. I think those thumbnails should be disabled, but you've probably noticed I think everything related to untrusted ghostscript should be disabled :-) Tavis.
Current thread:
- More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Alex Gaynor (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? AmitB (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 22)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Mateusz Lenik (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Leonardo Taccari (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 23)
- Re: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Bob Friesenhahn (Aug 21)
- Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? Tavis Ormandy (Aug 21)