oss-sec mailing list archives
Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284
From: "Perry E. Metzger" <perry () piermont com>
Date: Tue, 16 Oct 2018 17:57:42 -0400
On Tue, 16 Oct 2018 22:50:24 +0200 Hanno Böck <hanno () hboeck de> wrote:
On Tue, 16 Oct 2018 15:57:22 -0400 "Perry E. Metzger" <perry () piermont com> wrote:Again, given that PostScript is an archival format for a lot of documents, wouldn't a version of ghostscript with all the ability to do anything dangerous removed from the interpreter at compile time be rational?I think nobody here will disagree with you that this would be good to have. The question is: Who's gonna do it? Will you?
Good question. One obstacle for me is a lack of familiarity with the codebase (which others here seem to have), but on the other hand, I appear to have more motivation. Perry -- Perry E. Metzger perry () piermont com
Current thread:
- ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Rich Felker (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Bob Friesenhahn (Oct 17)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Hanno Böck (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Perry E. Metzger (Oct 16)
- Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 17)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Tavis Ormandy (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)
- Re: Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284 Jordan Glover (Oct 18)