[tex-k] xdvi 22.40i status
Wed, 10 Apr 2002 19:26:08 +0200
[ Executive summary for Paul:
The problem is with ghostscript 7.04 forbidding access to paths
containing ../, and ghostscript 7.20 forbidding read access to
*all* files in -dSAFER mode, unless the file name comes from
the command line. This will break all xdvi .eps display code,
unless users turn off -dSAFER.
M Shell <email@example.com> writes:
> As far as using TEXINPUTS goes, I will mention it in the docs. This approach
> saves pool space too. However, the situation I had in mind was when authors
> send me tar balls with the eps files in different directories.
> OK, I did some more digging in the Ghostscript development list archives
> and came up with some more information.
Gosh. Thanks a lot for this detective work :-) I'll definitely
save it for later reference. (I didn't know about the
gs-code-review list - it's not linked from the gs sourceforge
page, which is where I had looked for info). Very useful stuff!
So, as for the `../' problem, we could implement a workaround
with realpath() to canonicalize out the `../' components. But
this won't help with the forbidden access problem with newer
ghostscript. From the News.html file in ghostscript-7.20
it sounds as if this `feature' is here to stay:
The -dSAFER flag now tightens read access to arbitrary
files, as well as write access. Thus, -dSAFER in this
release is equivalent to -dSAFER -dPARANOIDSAFER in 7.04.
This will break some viewers, notably gv.
I don't understand why they did this, but there you go ... this
probably needs to be dealt with on the Postscript level, by sending
code to re-enable file access to gs, and maybe we could treat both
this problem and the `../' problem via this method.
Unfortunately I haven't been able to find a way to do this, since
there's some devious code to lock up access to those settings
when -dSAFER is active, and my knowledge on Postscript is pretty
limited. That's why I'm CC'ing this to Paul, since he knows
Postscript really well, and his xdvi version will also be
affected by this change in ghostscript.