Date: Wed, 10 Oct 2018 08:49:35 -0700
From: Ian Zimmerman <itz@...y.loosely.org>
To: oss-security@...ts.openwall.com
Subject: Re: ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)

On 2018-10-10 14:53, Hanno Böck wrote:

> evince installs a thumbnail entry to
> /usr/share/thumbnailers
>
> This is a generic location where applications can install files (I
> believe they follow the .desktop specification, which is an ini-based
> format). This is thus not nautilus-specific, but every filemanager that
> uses this format will be affected. A quick googling tells me e.g.
> pcmanfm is also affected. I'm not sure if dolphin uses them as well.

It seems to be a bug that this directory is under /usr/share, and not
under /etc where admins could modify it to selectively disable things.
I checked and there is no parallel /etc/thumbnailers directory to drop
overriding entries into - though maybe ~/.local/share/thumbnailers would
work? But already the fact that I have to guess is a bug :-(

By the way, on fedora the /usr/share/thumbnailers entry indeed does
belong to the evince package, but there is a separate evince-nautilus
package and its description says:

: This package contains the evince extension for the nautilus file manager.
: It adds an additional tab called "Document" to the file properties dialog.

Do you think that removing evince-nautilus would eliminate the nautilus
attack vector at least?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
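
An added example, not part of the original message: a small audit script that lists which entries in the thumbnailer directories discussed above are registered for PostScript-family MIME types, so an admin can see what a file manager would run on such files. It assumes entries use a `[Thumbnailer Entry]` group with `Exec` and `MimeType` keys; the MIME list and the function names are assumptions made for this example.

```python
import configparser
import sys
from pathlib import Path

# Assumption (not from the message): MIME types treated as PostScript-family.
RISKY_MIME = frozenset({"application/postscript", "image/x-eps", "application/x-eps"})


def parse_thumbnailer(path):
    """Return (Exec line, set of MIME types) for one entry, or None if unusable."""
    # interpolation=None: Exec lines carry %u/%o placeholders that would
    # otherwise be misread as configparser interpolation syntax.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case (MimeType, Exec)
    try:
        cp.read(path, encoding="utf-8")
        entry = cp["Thumbnailer Entry"]
    except (configparser.Error, KeyError, UnicodeDecodeError):
        return None
    mimes = {m.strip() for m in entry.get("MimeType", "").split(";") if m.strip()}
    return entry.get("Exec", ""), mimes


def audit(dirs, risky=RISKY_MIME):
    """List (file, Exec line, matching MIME types) for entries that claim a risky type."""
    findings = []
    for d in dirs:
        # A directory that does not exist simply yields no files.
        for f in sorted(Path(d).glob("*.thumbnailer")):
            parsed = parse_thumbnailer(f)
            if parsed is None:
                continue
            exec_line, mimes = parsed
            hit = sorted(mimes & risky)
            if hit:
                findings.append((str(f), exec_line, hit))
    return findings


if __name__ == "__main__":
    # Defaults: the system path named in the thread, plus the per-user path
    # the message wonders about; pass other directories as arguments.
    dirs = sys.argv[1:] or ["/usr/share/thumbnailers",
                            str(Path.home() / ".local/share/thumbnailers")]
    for path, exec_line, hit in audit(dirs):
        print(f"{path}: {', '.join(hit)} -> {exec_line}")
```
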