[tex-k] [rhn-admin@rhn.redhat.com: RHN Errata Alert: Command execution vulnerability in dvips]

Tim Waugh twaugh@redhat.com
Tue, 15 Oct 2002 17:37:13 +0100



On Tue, Oct 15, 2002 at 08:20:25AM -0700, Tomas G. Rokicki wrote:

> Dvips uses popen() and system() in 11 different places, and not all
> of them appear to be appropriately protected.

Indeed.  Red Hat Linux 8.0 ships with secure mode enabled by default.
The idea was that people could use -R0 when they needed it (in
practice, there seems to be a bug preventing that from working..).

> I was not aware of this advisory before this time.

Really?  I'd been told that this was being discussed with the
maintainer.

> I'm not sure how paranoid I need to be.  The makefont subroutine
> executes scripts, which might be insecure or might execute binaries
> without hardwiring a path, which can then be hijacked, etc.

(This is precisely what this advisory is about.)

Tim.
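The hijack risk Rokicki describes comes from handing a bare program name to system() or popen(), which lets the shell and the caller's PATH decide what actually runs. As an added illustration (not dvips code; the helper paths are constructed), the launcher below refuses anything that is not an absolute, metacharacter-free path and executes it with a fixed environment instead of going through the shell:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Accept only an absolute path with no shell metacharacters, so neither
 * PATH lookup nor shell parsing can redirect the call elsewhere. */
int helper_path_is_safe(const char *cmd)
{
    if (cmd == NULL || cmd[0] != '/')
        return 0;
    const char *meta = ";|&$`<>()\"'\\ \t\n";
    return strpbrk(cmd, meta) == NULL;
}

/* Run a helper by absolute path with a minimal, fixed environment and
 * no shell (execve, not system()/popen()).  Returns the helper's exit
 * status, 127 if it could not be executed, or -1 on a rejected path or
 * a fork/wait failure. */
int run_helper(const char *path, char *const argv[])
{
    if (!helper_path_is_safe(path))
        return -1;
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);           /* only reached if execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "true", NULL };
    /* constructed demo: an unqualified name is rejected, /bin/true runs */
    printf("bare name accepted: %d\n", helper_path_is_safe("true"));
    printf("/bin/true exit status: %d\n", run_helper("/bin/true", argv));
    return 0;
}
```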
