oss-sec mailing list archives

Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)


From: Leonid Isaev <leonid.isaev () jila colorado edu>
Date: Tue, 9 Oct 2018 09:30:06 -0600

On Tue, Oct 09, 2018 at 06:58:39AM -0700, Tavis Ormandy wrote:
> Full working exploit that works in the last few versions is attached,
> viewing it in evince, imagemagick, gimp, okular, etc should add a line to
> ~/.bashrc.

Add zathura to the above list :)

> p.s. plz can we deprecate untrusted postscript :(

Which means any postscript file downloaded from the internet... Then how should
people read arXiv.org, for example?

Thanks,
L.

-- 
Leonid Isaev

