Date: Wed, 10 Oct 2018 08:49:35 -0700
From: Ian Zimmerman <>
Subject: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox

On 2018-10-10 14:53, Hanno Böck wrote:

> evince installs a thumbnail entry to
> /usr/share/thumbnailers
> This is a generic location where applications can install files (I
> believe they follow the .desktop specification, which is an ini-based
> format). This is thus not nautilus-specific, but every file manager that
> uses this format will be affected. A quick googling tells me e.g.
> pcmanfm is also affected. I'm not sure if dolphin uses them as well.

It seems to be a bug that this directory is under /usr/share, and not
under /etc where admins could modify it to selectively disable things.  I
checked and there is no parallel /etc/thumbnailers directory to drop
overriding entries into - though maybe ~/.local/share/thumbnailers would
work?  But already the fact that I have to guess is a bug :-(

By the way, on Fedora the /usr/share/thumbnailers entry indeed does
belong to the evince package, but there is a separate evince-nautilus
package and its description says:

: This package contains the evince extension for the nautilus file manager.
: It adds an additional tab called "Document" to the file properties dialog.

Do you think that removing evince-nautilus would eliminate the nautilus
attack vector at least?

Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for
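
Added example, not part of the original message or of any project named in it: a small audit that lists which installed thumbnailer entries register PostScript-family MIME types, so an admin can see which commands a file manager would run on such files. It assumes the `[Thumbnailer Entry]` layout with `Exec` and `MimeType` keys; the MIME set, the sample entry and the `example-thumbnailer` name are constructed, and the per-user directory is only the location the message guesses at.

```python
import configparser
from pathlib import Path

# Assumption: MIME types typically rendered through Ghostscript-backed code.
PS_MIME = {"application/postscript", "image/x-eps",
           "application/x-eps", "application/eps"}

# Constructed sample entry (hypothetical thumbnailer name).
SAMPLE = """[Thumbnailer Entry]
TryExec=example-thumbnailer
Exec=example-thumbnailer -s %s %u %o
MimeType=application/pdf;application/postscript;image/x-eps;
"""

def parse_thumbnailer(text):
    """Return (exec_line, set_of_mime_types) for one .thumbnailer file."""
    # interpolation=None: Exec contains %s/%u/%o, which must stay literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written
    cp.read_string(text)
    entry = cp["Thumbnailer Entry"]
    mimes = {m.strip() for m in entry.get("MimeType", "").split(";") if m.strip()}
    return entry.get("Exec", ""), mimes

def audit(dirs):
    """List (path, exec_line, matching_mimes) for entries handling PS_MIME."""
    findings = []
    for d in dirs:
        for path in sorted(Path(d).glob("*.thumbnailer")):
            try:
                exec_line, mimes = parse_thumbnailer(
                    path.read_text(errors="replace"))
            except (configparser.Error, KeyError, OSError):
                continue  # unreadable or malformed entry: skip it
            hit = sorted(mimes & PS_MIME)
            if hit:
                findings.append((str(path), exec_line, hit))
    return findings

if __name__ == "__main__":
    dirs = ["/usr/share/thumbnailers",
            Path.home() / ".local/share/thumbnailers"]  # second one is a guess
    for path, exec_line, hit in audit(dirs):
        print(f"{path}\n  Exec: {exec_line}\n  MIME: {', '.join(hit)}")
```

The reported paths can then be matched to their owning package with the distribution's package manager.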
