bug#32515: GNOME thumbnailing code execution vulnerabilities.

[Maxime Devos]

Leo Famulari (26 Feb 2019) wrote:
> Since this bug was filed, Ghostscript has received more scrutiny and
> serious bugs continue to be found.

I assume you meant ‘fixed’.

> [...]
> Barring that, we should keep our package up to date

ghostscript can be updated to 9.54 
(https://ghostscript.com/download/gsdnld.html).
This will require grafts due to many depending packages.
However, looking at
https://bugs.ghostscript.com/buglist.cgi?order=Bug%20Number&product=Ghostscript&query_format=advanced&resolution=---&version=9.52&version=9.53.0&version=9.53.1&version=9.53.2&version=9.53.3&version=9.54.0
it seems there are no known security vulnerabilities.

evince can be updated from 3.36.5 to 40.0 according to "guix refresh",
that would be done in https://issues.guix.gnu.org/47643  think.

> and try to make sure
> the GNOME thumbnailer and other "hidden" users of Ghostscript are run in
> containers.

The thumbnailer is run in a container, using bubblewrap and seccomp:

$ guix graph --type=references gnome-desktop
> [snip]
> "/gnu/store/82lh0zkg0jc64j7k9liz75yrzn3aqzp7-gnome-desktop-3.34.2" -> 
> "/gnu/store/jsw78nn91z34z2cm227zwjhpybx2p2lw-bubblewrap-0.4.1" [color = 
> darkseagreen];
> "/gnu/store/82lh0zkg0jc64j7k9liz75yrzn3aqzp7-gnome-desktop-3.34.2" -> 
> "/gnu/store/w668dl13dac6gpxvyhic21dnifrrijp6-libseccomp-2.5.1" [color = 
> darkseagreen];
> [snip]

$ EDITOR=less guix edit gnome-desktop
> [snip]
> ("bubblewrap" ,bubblewrap)
> [snip]

$ cat ./libgnome-desktop/gnome-desktop-thumbnail-script.c:
> [snip]
> [an add_bwrap function with bind mounts and --unshare-all]
> [a setup_seccomp function]
> [snip]

Closing.

Greetings,
Maxime.

signature.asc
Description: This is a digitally signed message part