ps2epsi from the ESP version of GhostScript deletes a temporary file created by mktemp. This file is later an argument to gs, although with -dSAFER specified. A malicious user could watch the temporary directory, e.g. using inotify. Once a file is created and deleted, it could try to replace it with its own copy, which would then be processed with the privileges of the user calling ps2epsi. The attack would depend on the watching process getting processing time before ps2epsi can recreate the file but after it has checked the file is really gone. This is at least possible, although I don't know if it's probable. At the very least he could introduce his own contents instead of or in addition to the document provided by the user. I don't know if -dSAFER is safe enough to prevent worse attacks. As a solution, the file should be kept and overwritten, and only deleted by the signal handler already present.
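The delete-then-reuse pattern described in the report, beside the fix it proposes (keep the mktemp file, overwrite it in place, remove it only from the exit trap), as an added shell example that is not ps2epsi's own code; the function names and the EPS header line written into the file are hypothetical.

```shell
#!/bin/sh
# Added example (not from ps2epsi or the bug report). Assumes POSIX sh and
# mktemp(1); function names are hypothetical.

TMPDIR="${TMPDIR:-/tmp}"

# Vulnerable pattern: mktemp creates a private file, the script removes it at
# once and later hands the bare name to gs as an output path. Between the rm
# and the later open the path is unclaimed in a shared directory, so a file
# planted there by another local user would be the one gs writes to/reads.
unsafe_tmp_name() {
    name=$(mktemp "$TMPDIR/ps2epsi.XXXXXX") || return 1
    rm -f "$name"
    printf '%s\n' "$name"
}

# Hardened pattern, step 1: create the file and keep it for the whole run.
# mktemp opens it O_CREAT|O_EXCL with mode 0600, so the inode stays ours and
# (in a sticky /tmp) nobody else can unlink or rename it.
safe_tmp_create() {
    mktemp "$TMPDIR/ps2epsi.XXXXXX"
}

# Hardened pattern, step 2: overwrite in place with > (truncate) instead of
# delete-and-recreate. The retained file is the real fix; the symlink/regular
# file check is defence in depth against a path that is no longer ours.
safe_tmp_fill() {
    name=$1
    content=$2
    if [ -L "$name" ] || [ ! -f "$name" ]; then
        printf 'refusing to write: %s is not the temp file we created\n' "$name" >&2
        return 1
    fi
    printf '%s\n' "$content" > "$name"
}

# The only deletion happens from the exit/signal trap, as the report suggests.
ps2epsi_like() {
    tmp=$(safe_tmp_create) || return 1
    trap 'rm -f "$tmp"' EXIT HUP INT TERM
    safe_tmp_fill "$tmp" "%!PS-Adobe-3.0 EPSF-3.0" || return 1
    # ... here the real script would run gs -dSAFER with "$tmp" as output ...
    cat "$tmp"
}
```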
Printing, please verify and provide fixed ebuilds if needed, thank you.
ebuild done, ghostscript-esp-8.15.1-r1.ebuild
actually, gs-esp-8 cannot be marked stable due to the numerous unsolved bugs in bugzilla. I would like the afpl one in the other bug be marked stable though. Do you want me to patch the stable -7 series of gs-esp? Or do you want to tell people to use -gnu or -afpl in the GLSA? Also -gnu is now the global default with the new-style virtual/ghostscript because -esp-8 has so many bugs.
Stefan: probably better to patch the -7 line if you can.
Printing herd please patch the current stable series or advise
well, advice is to not recommend either ghostscript-esp in a security GLEP because both series have serious bugs. Just tell people to switch to -gnu, ok?
The vulnerability is not serious enough to warrant a MaskGLSA so we'll probably just security.mask the two as having persistent security problems and not issue anything. The message will recommend users to switch to the gnu version. Security, please comment
I agree with comment #7.
ghostscript-esp-8.15.1_p20060430 fixes a thus far serious bug in gs-esp. I cannot find any other bugs open for gs-esp-8 so probably it should be marked stable instead of just masking the old version.
We can try... Arches please test and mark ghostscript-esp-8.15.1_p20060430 stable if you can
(In reply to comment #10)
> Arches please test and mark ghostscript-esp-8.15.1_p20060430 stable if you can

I've done some testing on a stable amd64 system and have encountered a problem with either ps2epsi or epstopdf (from tetex). Using paper.ps[1] I ran `ps2epsi paper.ps` and got paper.epsi[2] (which is 57M, is that normal?). I then ran `epstopdf paper.epsi` and got a pdf[3]. However, when I open the pdf in gpdf it is all on one page. I ran `ps2pdf paper.ps` and got a good looking pdf[4]. Am I doing something completely wrong here (note, I have 0 experience with encapsulated ps)? There were no warnings or errors when I ran the commands I mentioned.

[1] http://dev.gentoo.org/~tcort/examples/paper.ps
[2] http://dev.gentoo.org/~tcort/examples/paper.epsi.bz2
[3] http://dev.gentoo.org/~tcort/examples/paper-from-epsi.pdf
[4] http://dev.gentoo.org/~tcort/examples/paper-from-ps.pdf

app-text/ghostscript-esp-8.15.1_p20060430 +X -cjk +cups -emacs +gtk -threads -xml
app-text/tetex-2.0.2-r9 +X -doc -tcltk
app-text/gpdf-2.10.0-r4 -debug
I've done some testing with ghostscript-esp-8.15.1_p20060430 [ +X -cjk +cups -emacs +gtk -threads +xml ] on x86. For testing I've opened a few ps files and verified that they are displayed correctly using evince-0.4.0-r3 [ +dbus -debug -doc +dvi +nautilus -t1lib +tiff ]. However, I can also confirm the behaviour mentioned in comment #11 (with evince instead of gpdf). Btw. I'm using tetex-2.0.2-r8 [ +X -doc +tcltk ].
When trying to reproduce the behaviour in comment #11 with ghostscript-gnu-8.16-r3 [ +X -cjk +cups -emacs +gtk ] on the box described in comment #12 (x86) I got basically the same results, with the exception that I got a warning:

$ ps2epsi paper.ps
sed: -e expression #1, char 42: Invalid range end

If I should try the same with different ghostscript-(gnu/esp) versions, let me know.
*** Bug 132342 has been marked as a duplicate of this bug. ***
Adding kde metabug.

Matthias: Yes, please open a separate bug for ps2epsi if it is indeed a bug and the behaviour in other ghostscripts is different.
I've now also tried to reproduce comment #11 with ghostscript-gnu-8.16-r1 [ +X -cjk +cups +gtk ] and got exactly the same results as described in comment #13. After that I did the same again, but this time with another ps file as source (215 pages / 1.1MB) and got:

$ ps2epsi a1.ps
Error: /stackoverflow in --roll--
Operand stack: --nostringval--
Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push 1 3 %oparray_pop 1 3 %oparray_pop 1 3 %oparray_pop 1 3 %oparray_pop .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- --nostringval-- --nostringval-- false 1 %stopped_push --nostringval-- --nostringval-- --nostringval-- 421 1 660 --nostringval-- %for_pos_int_continue --nostringval-- --nostringval-- 50365 6 %oparray_pop --nostringval--
Dictionary stack: --dict:1118/1686(ro)(G)-- --dict:0/20(G)-- --dict:73/200(L)-- --dict:36/47(L)-- --dict:139/300(L)-- --dict:36/47(L)--
Current allocation mode is local
Last OS error: 2
GNU Ghostscript 8.16: Unrecoverable error, exit code 1
sed: -e expression #1, char 42: Invalid range end
I've now tested ps2epsi with all ghostscript versions in portage (afpl, gnu, esp) and it seems to be broken for all of them. Thus I think comment #11 - comment #16 should not be a reason to leave ghostscript-esp-8.15.1_p20060430 in ~arch.
Yes, please mark stable if it doesn't do worse than the current stable...
(In reply to comment #10)
> Arches please test and mark ghostscript-esp-8.15.1_p20060430 stable if you can

alpha and amd64 stable.
x86 done, thanks for testing Matthias
ppc done.
SPARC'd
stable on ppc64
Just an additional note. After updating ghostscript-esp my printer stopped working. Switching to ghostscript-gnu did not solve my problem at first. I also had to re-emerge gimp-print. I am just reporting this because some people already seem to have similar problems: http://forums.gentoo.org/viewtopic-t-434182-highlight-ghostscript.html If there will be a GLSA then I suggest thinking about mentioning this.
Ready for GLSA vote, I vote NO, because ps2epsi is rather uncommon use.
another no
Bug #133123 is about broken gimp-print.
Closing without GLSA.
stable on hppa. Forgot to remove us from CC.