oss-sec mailing list archives

Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)


From: Tavis Ormandy <taviso () google com>
Date: Tue, 9 Oct 2018 10:11:34 -0700

On Tue, Oct 9, 2018 at 9:53 AM Leonid Isaev <leonid.isaev () jila colorado edu> wrote:

> On Tue, Oct 09, 2018 at 06:58:39AM -0700, Tavis Ormandy wrote:
>> Full working exploit that works in the last few versions is attached,
>> viewing it in evince, imagemagick, gimp, okular, etc should add a line to
>> ~/.bashrc.
>>
>> Add zathura to the above list :)
>>
>> p.s. plz can we deprecate untrusted postscript :(
>
> Which means any postscript file downloaded from the internet... Then how should
> people read arXiv.org, for example?


I think we should encourage switching to other document formats that we
have a better handle on securing. If you do need untrusted ps, I think
treating it the same as a shell script file you downloaded from the internet.

I mean, technically there's a bash restricted mode and python rexec, but
you probably wouldn't run it on random things you just downloaded.

gs -dSAFER and bash -r are useful features, but I think ever invoking them
automatically without prompts about trust, etc, is just asking for trouble.

Tavis.
