oss-sec mailing list archives

Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)

From: Hanno Böck <hanno () hboeck de>
Date: Tue, 9 Oct 2018 22:10:50 +0200

Hi,

On Tue, 9 Oct 2018 09:30:06 -0600
Leonid Isaev <leonid.isaev () jila colorado edu> wrote:

Which means any postscript file downloaded from the internet... Then
how should people read arXiv.org, for example?


Surprised by this claim I did a quick check on arxiv. I don't see any
papers that are only available as postscript. All papers seem to be
available as PDF, some additionally as PS.

Which also makes sense: Many browsers support direct PDF display. While
PDF is also a complex format with pitfalls I'd still trust the
in-browser PDF readers much more than something like ghostscript.

If there are sites that rely on PS documents they should probably be
encouraged to do a server-side sandboxed auto-conversion of them and
offer PDF also.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Current thread:

Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961), (continued)
- - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Bob Friesenhahn (Oct 09)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 09)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 09)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alex Gaynor (Oct 09)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Doran Moppert (Oct 09)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 10)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 16)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Perry E. Metzger (Oct 17)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Rich Felker (Oct 17)
  - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 09)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman (Oct 10)
  - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Eddie Chapman (Oct 10)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Hanno Böck (Oct 10)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Emilio Pozuelo Monfort (Oct 11)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Brandon Perry (Oct 10)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Alan Coopersmith (Oct 10)
    - Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Ian Zimmerman (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Leo Famulari (Oct 10)
- Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961) Tavis Ormandy (Oct 11)