oss-sec mailing list archives

Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)


From: Ian Zimmerman <itz () very loosely org>
Date: Wed, 10 Oct 2018 08:49:35 -0700

On 2018-10-10 14:53, Hanno Böck wrote:

> evince installs a thumbnail entry to
> /usr/share/thumbnailers
>
> This is a generic location where applications can install files (I
> believe they follow the .desktop specification, which is an ini-based
> format). This is thus not nautilus-specific, but every file manager that
> uses this format will be affected. A quick googling tells me e.g.
> pcmanfm is also affected. I'm not sure if dolphin uses them as well.

It seems to be a bug that this directory is under /usr/share, and not
under /etc where admins could modify it to selectively disable things.  I
checked and there is no parallel /etc/thumbnailers directory to drop
overriding entries into - though maybe ~/.local/share/thumbnailers would
work?  But already the fact that I have to guess is a bug :-(

By the way, on Fedora the /usr/share/thumbnailers entry indeed does
belong to the evince package, but there is a separate evince-nautilus
package and its description says:

: This package contains the evince extension for the nautilus file manager.
: It adds an additional tab called "Document" to the file properties dialog.

Do you think that removing evince-nautilus would eliminate the nautilus
attack vector at least?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
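
An added example, not part of the original post or of any project's code: a small audit script that lists thumbnailer entries in /usr/share/thumbnailers and ~/.local/share/thumbnailers and flags those registered for PostScript-family MIME types. The `.thumbnailer` file layout (`[Thumbnailer Entry]` with `Exec` and `MimeType` keys), the `RISKY_MIME` set and the sample entry are assumptions; the script does not determine whether a user-level entry overrides the system one.

```python
import configparser
from pathlib import Path

# Assumption: MIME types a thumbnailer would pass to a Ghostscript-backed renderer.
RISKY_MIME = {"application/postscript", "image/x-eps", "application/x-eps"}

# Constructed sample entry, used by the test; not copied from any package.
SAMPLE = """[Thumbnailer Entry]
TryExec=evince-thumbnailer
Exec=evince-thumbnailer -s %s %u %o
MimeType=application/pdf;application/postscript;image/x-eps;
"""

def parse_thumbnailer(text):
    """Return (exec_line, mime_types) for one entry, or None if it has no entry section."""
    # interpolation=None: Exec lines contain %s/%u/%o, which would otherwise raise.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keys are case-sensitive; do not lowercase them
    cp.read_string(text)
    if not cp.has_section("Thumbnailer Entry"):
        return None
    sec = cp["Thumbnailer Entry"]
    mimes = [m.strip() for m in sec.get("MimeType", fallback="").split(";") if m.strip()]
    return sec.get("Exec", fallback=""), mimes

def audit(dirs):
    """List (path, exec_line, risky_mime_types) for every flagged entry in dirs."""
    findings = []
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for f in sorted(d.glob("*.thumbnailer")):
            try:
                parsed = parse_thumbnailer(f.read_text(errors="replace"))
            except (OSError, configparser.Error):
                continue  # unreadable or malformed file: skip it
            if parsed is None:
                continue
            exec_line, mimes = parsed
            hit = sorted(RISKY_MIME.intersection(mimes))
            if hit:
                findings.append((str(f), exec_line, hit))
    return findings

if __name__ == "__main__":
    dirs = ["/usr/share/thumbnailers", Path.home() / ".local/share/thumbnailers"]
    for path, exec_line, hit in audit(dirs):
        print(f"{path}: {exec_line!r} handles {', '.join(hit)}")
```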

