Newsgroups: alt.gopher,alt.security,comp.lang.postscript From: jgreely@morganucodon.cis.ohio-state.edu (J Greely) Subject: Re: Gopher PostScript data type would constitute a security hole In-Reply-To: wollman@UVM.EDU's message of Tue, 5 May 1992 18: 56:52 GMT Message-ID: Organization: Ohio State University Computer and Information Science References: <92May4.112004edt.53306@watdragon.waterloo.edu> <1992May5.033112.13853@menudo.uh.edu> <1992May5.161126.11521@rice.edu> <1992May5.185652.6305@uvm.edu> Date: Tue, 5 May 1992 22:56:37 GMT In article <1992May5.185652.6305@uvm.edu> wollman@UVM.EDU (Garrett Wollman) writes: >In article <1992May5.161126.11521@rice.edu> riddle@is.rice.edu > (Prentiss Riddle) writes: >>GhostScript, the GNU PostScript interpreter on which GhostView is >>based, appears to implement these scary functions, and the author has >>not been responsive to our request that a "safe" mode be added to >>GhostScript. The beauty of free software is that you can fix it yourself. The beauty of the net is that you can find someone else to fix it for you :-). [solution deleted] >How's that? The following patch to gs_init.ps (2.4.1) amplifies on Garrett's idea, allowing you to say -DSAFE on the command line. It disables renamefile, deletefile, and restricts the file operator to reading. *** gs_init.ps.old Tue May 5 16:50:40 1992 --- gs_init.ps Tue May 5 17:54:03 1992 *************** *** 35,40 **** --- 35,41 ---- currentdict /NOPAUSE known /NOPAUSE exch def currentdict /QUIET known ASCIIOUT or /QUIET exch def currentdict /WRITESYSTEMDICT known /WRITESYSTEMDICT exch def + currentdict /SAFE known /SAFE exch def % Acquire environment variables. currentdict /DEVICE known not *************** *** 343,348 **** --- 344,356 ---- % Temporarily substitute it for the real `run'. /.run /run load def /run /run0 load def + + % disable potentially-dangerous file operators + SAFE { + /file {dup (r) eq {file} {pop pop} ifelse} bind odef + /renamefile {pop pop} odef + /deletefile {pop} odef + } if % If the user asked for ASCII output, read in the patches now. ASCIIOUT { (gs_2asc.ps) run } if -- J Greely (jgreely@cis.ohio-state.edu; osu-cis!jgreely)