GNU bug report logs - #28811
11.90.2.2017-07-25; preview-at-point fails with Ghostscript-error

Previous Next

Package: auctex;

Reported by: Thomas Stenhaug <thomas.stenhaug <at> gmail.com>

Date: Fri, 13 Oct 2017 15:03:01 UTC

Severity: normal

Merged with 29249

Found in versions 11.90.2.2017, 11.91

Done: Arash Esbati <arash <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ken Sharp <ken.sharp <at> artifex.com>
To: David Kastrup <dak <at> gnu.org>
Cc: Arash Esbati <arash <at> gnu.org>, 28811 <at> debbugs.gnu.org
Subject: bug#28811: 11.90.2.2017-07-25; preview-at-point
Date: Sat, 04 Nov 2017 19:27:39 +0000

At 18:16 04/11/2017 +0100, David Kastrup wrote:

> > Well the obvious suggestion is simply 'don't use SAFER and DELAYSAFER'
> > because then you don't need .runandhide :-)
>
>They are there for a reason, aren't they?

Yes, though I would (and have) argued against them. The interpreter is 
intended to be able to access the file system (as permitted by the language 
specification). Nevertheless, the capability exists to prevent that, 
because people asked for it.


>It's rendering individual PostScript files in an order determined by the
>current position in a viewer (in this case an Emacs file), and the
>individual files are externally provided, so they may contain malicious
>code.

Provided they are in the current directory, as far as I'm aware you don't 
need to break SAFER for them, because the Current worming directory is 
permitted. I can't recall if that requires -P- or not, it may do.


>Pretty much the principal reason for the existence of DELAYSAFER.

DELAYSAFER is there to permit operations to be concluded that won't work if 
you have SAFER. This is, however, a massive security hole, there are nay 
number of implementations and 'recipes' out there which use SAFER and 
DELAYSAFER and never call .setsafe. Also WRITESYSTEMDICT and other things.

In any event, DELAYSAFER hasn't changed.


>This uses Ghostscript interactively via pipes (or a tty, I forget
>which): if there was a mode "be unsafe on the Ghostscript interpreter
>command line and safe within files read from there", that would work.

No way that Ghostscript can tell the difference, at the interpreter level, 
it all just comes in as streamed data.


>How are safe PostScript viewers to be implemented now?

Well, you can use SAFER, you can even use DELAYSAFER, that has not changed. 
What I'm questioning is the use of .runandhide.


                    Ken
This bug report was last modified 7 years and 185 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.