[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#28811: 11.90.2.2017-07-25; preview-at-point
From: |
David Kastrup |
Subject: |
bug#28811: 11.90.2.2017-07-25; preview-at-point |
Date: |
Sat, 04 Nov 2017 18:16:28 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
Ken Sharp <address@hidden> writes:
> Well the obvious suggestion is simply 'don't use SAFER and DELAYSAFER'
> because then you don't need .runandhide :-)
They are there for a reason, aren't they?
> The problem is that PostScript is a programming language, and the
> snippets above, intermingled with some other language, are a)
> difficult to read and b) shorn of context. Its hard for me to pick out
> just the PostScript from whatever the other language is and without
> knowing what the aim is its pretty much impossible to figure out what
> the PostScript is doing.
It's rendering individual PostScript files in an order determined by the
current position in a viewer (in this case an Emacs file), and the
individual files are externally provided, so they may contain malicious
code.
Pretty much the principal reason for the existence of DELAYSAFER. Since
the rendering order is determined interactively, different files need to
be opened. Also it is hard to divert the input to an external file and
it would look pointless since the main "feature" is that the end of the
file is yet unknown while the start is already being interpreted.
This uses Ghostscript interactively via pipes (or a tty, I forget
which): if there was a mode "be unsafe on the Ghostscript interpreter
command line and safe within files read from there", that would work.
> At a guess, it looks like the intention is to access files outside of
> Ghostscript's tree, while using the -dSAFER option, which bars access
> to such files. The obvious answer to my mind is 'don't do that', apart
> from anything else it seems pointless.
How are safe PostScript viewers to be implemented now?
--
David Kastrup
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Arash Esbati, 2017/11/03
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/04
- bug#28811: 11.90.2.2017-07-25; preview-at-point,
David Kastrup <=
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/04
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/04
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, David Kastrup, 2017/11/05
- bug#28811: 11.90.2.2017-07-25; preview-at-point, Ken Sharp, 2017/11/06
bug#28811: 11.90.2.2017-07-25; preview-at-point, Arash Esbati, 2017/11/04