Date: Wed, 10 Oct 2018 08:49:35 -0700
From: Ian Zimmerman <itz@...y.loosely.org>
To: oss-security@...ts.openwall.com
Subject: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)

On 2018-10-10 14:53, Hanno Böck wrote:

> evince installs a thumbnail entry to
> /usr/share/thumbnailers
>
> This is a generic location where applications can install files (I
> believe they follow the .desktop specification, which is an ini-based
> format). This is thus not nautilus-specific, but every filemanager that
> uses this format will be affected. A quick googling tells me e.g.
> pcmanfm is also affected. I'm not sure if dolphin uses them as well.

It seems to be a bug that this directory is under /usr/share, and not
under /etc where admins could modify it to selectively disable things.

I checked and there is no parallel /etc/thumbnailers directory to drop
overriding entries into - though maybe ~/.local/share/thumbnailers would
work? But already the fact that I have to guess is a bug :-(

By the way, on fedora the /usr/share/thumbnailers entry indeed does
belong to the evince package, but there is a separate evince-nautilus
package and its description says:

: This package contains the evince extension for the nautilus file manager.
: It adds an additional tab called "Document" to the file properties dialog.

Do you think that removing evince-nautilus would eliminate the nautilus
attack vector at least?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
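
Added example, not part of the original message: a Python audit of the thumbnailer entries discussed above, listing which registered thumbnailers claim PostScript/EPS MIME types and what command they run. The `[Thumbnailer Entry]` keys follow the GNOME thumbnailer file format; the MIME set, the sample entry and the function names are assumptions constructed for illustration, and the per-user directory is the one the message guesses at.

```python
import configparser
from pathlib import Path

# Assumption: MIME types that end up in a Ghostscript-backed renderer.
# Adjust for the system being audited.
GS_MIME_TYPES = {"application/postscript", "image/x-eps"}

def parse_thumbnailer(text):
    """Return (exec_line, mime_types) for the text of one .thumbnailer file."""
    # interpolation=None: Exec lines carry %s/%u/%o placeholders that the
    # default interpolation would reject. optionxform=str keeps key case.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    if not cp.has_section("Thumbnailer Entry"):
        return None, set()
    sec = cp["Thumbnailer Entry"]
    mimes = {m.strip() for m in sec.get("MimeType", "").split(";") if m.strip()}
    return sec.get("Exec"), mimes

def audit(dirs):
    """List (path, exec_line, matching_mimes) for entries claiming GS_MIME_TYPES."""
    findings = []
    for d in dirs:
        if not Path(d).is_dir():
            continue
        for path in sorted(Path(d).glob("*.thumbnailer")):
            try:
                exec_line, mimes = parse_thumbnailer(path.read_text(errors="replace"))
            except configparser.Error:
                continue  # not a parseable ini file; skip it
            hit = mimes & GS_MIME_TYPES
            if hit:
                findings.append((str(path), exec_line, sorted(hit)))
    return findings

# Constructed sample entry, used for offline testing only.
SAMPLE = """[Thumbnailer Entry]
TryExec=evince-thumbnailer
Exec=evince-thumbnailer -s %s %u %o
MimeType=application/pdf;application/postscript;image/tiff;
"""

if __name__ == "__main__":
    dirs = ["/usr/share/thumbnailers", Path.home() / ".local/share/thumbnailers"]
    for path, exec_line, hit in audit(dirs):
        print(f"{path}: {exec_line!r} handles {', '.join(hit)}")
```
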