[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gv] Security issues

From: Bernhard R. Link
Subject: Re: [bug-gv] Security issues
Date: Sat, 29 May 2010 20:28:24 +0200
User-agent: Mutt/1.5.18 (2008-05-17)

* Markus Steinborn <address@hidden> [100529 20:15]:
> Both problems are essentially the same. I would say we have at least
> three options:

> (3) Changing the default resources and open a big warning if "-P- "
> isn't a substring of the resource string in question.

I'd go for "-P". This way the user can use explicit "-P" if they want
that behaviour and not get a warning and everything with old stuff gets
an -P- added.

> (2) Changing the default resources and increasing the required version
> of the resources so gv-update-userconfig deletes the vulnerable
> resources.

This would have the disadvantage that for security updates of stable
releases, every user would have to run the translate script. And I'm not
sure Debian stable even has script.

But perhaps that could be combined with the other behaviours. With the
next new version of the config file, do (3), until that, do (1).

> (1) Rewrite the command before execution, adding the option "-P-" at the
> beginning.

Of course only if not "-P" (including "-P-") is found.

And I guess the same with the "pdf2dsc.ps" file. Though it is hard to
tell without a ghostscript that supports -P- yet...

        Bernhard R. Link

reply via email to

[Prev in Thread] Current Thread [Next in Thread]