GNU bug report logs - #32515
Ghostscript and GNOME thumbnailing code execution vulnerabilities

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 23 Aug 2018 21:03:02 UTC

Severity: normal

Tags: security

Done: Maxime Devos <maximedevos <at> telenet.be>

Bug is archived. No further changes may be made.

Full log

Message #22 received at 32515 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: 32515 <at> debbugs.gnu.org, maximedevos <at> telenet.be
Subject: Re: bug#32515: GNOME thumbnailing code execution vulnerabilities.
Date: Fri, 9 Apr 2021 14:48:15 -0400

[Message part 1 (text/plain, inline)]
On Fri, Apr 09, 2021 at 03:51:21PM +0200, Maxime Devos wrote:
> Leo Famulari (26 Feb 2019) wrote:
> > Since this bug was filed, Ghostscript has received more scrutiny and
> > serious bugs continue to be found.
> 
> I assume you meant ‘fixed’.

I did not mean 'fixed'. As far as I know, no work was done in Guix about
this bug.

'filed' is definitely the correct interpretation; security researchers
ignored postscript / Ghostcript for a very long time, but it became a
popular area of research a few years ago.

Basically, Ghostscript is a decades-old C codebase implementing an even
older language specification. Caveat emptor.

Unlike some other similar codebases, like OpenSSL, the situation
regarding security researchers and vulnerability disclosure has not
really improved, as far as I can tell :/


> The thumbnailer is run in a container, using bubblewrap and seccomp:
> 
> $ guix graph --type=references gnome-desktop
> > [snip]
> > "/gnu/store/82lh0zkg0jc64j7k9liz75yrzn3aqzp7-gnome-desktop-3.34.2" -> "/gnu/store/jsw78nn91z34z2cm227zwjhpybx2p2lw-bubblewrap-0.4.1" [color = darkseagreen];
> > "/gnu/store/82lh0zkg0jc64j7k9liz75yrzn3aqzp7-gnome-desktop-3.34.2" -> "/gnu/store/w668dl13dac6gpxvyhic21dnifrrijp6-libseccomp-2.5.1" [color = darkseagreen];
> > [snip]
> 
> $ EDITOR=less guix edit gnome-desktop
> > [snip]
> > ("bubblewrap" ,bubblewrap)
> > [snip]
> 
> $ cat ./libgnome-desktop/gnome-desktop-thumbnail-script.c:
> > [snip]
> > [an add_bwrap function with bind mounts and --unshare-all]
> > [a setup_seccomp function]
> > [snip]
> 
> Closing.

Great, looks like upstream took care of it for us. There will probably
be more bugs in this area, but that's expected.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 4 years and 45 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.