Date: Tue, 21 Aug 2018 07:48:22 -0700 From: Tavis Ormandy <taviso@...gle.com> To: oss-security@...ts.openwall.com Subject: Re: More Ghostscript Issues: Should we disable PS coders in policy.xml by default? On Tue, Aug 21, 2018 at 5:46 AM Tavis Ormandy <taviso@...gle.com> wrote: > > $ convert input.jpg output.gif > uid=1000(taviso) gid=1000(taviso) groups=1000(taviso),10(wheel) > context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > > My colleague Jann Horn pointed out evince (which uses libgs, which is affected with some tweaks to the PoC) is used to generate previews in Nautilus, which means previews can trigger code execution (see /usr/share/thumbnailers/evince.thumbnailer). I think it's possible to trigger that via file automatic download in a browser just by visiting a URL, but I haven't tested it. I think those thumbnails should be disabled, but you've probably noticed I think everything related to untrusted ghostscript should be disabled :-) Tavis.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.