oss-sec mailing list archives

Re: ghostscript: 1Policy operator gives access to .forceput CVE-2018-18284


From: "Perry E. Metzger" <perry () piermont com>
Date: Tue, 16 Oct 2018 17:57:42 -0400

On Tue, 16 Oct 2018 22:50:24 +0200 Hanno Böck <hanno () hboeck de> wrote:
> On Tue, 16 Oct 2018 15:57:22 -0400
> "Perry E. Metzger" <perry () piermont com> wrote:
>
> > Again, given that PostScript is an archival format for a lot of
> > documents, wouldn't a version of ghostscript with all the ability
> > to do anything dangerous removed from the interpreter at compile
> > time be rational?
>
> I think nobody here will disagree with you that this would be good
> to have.
> The question is: Who's gonna do it? Will you?

Good question. One obstacle for me is a lack of familiarity with the
codebase (which others here seem to have), but on the other hand, I
appear to have more motivation.

Perry
-- 
Perry E. Metzger                perry () piermont com

