[WIP] imagemagick: disable ghostscript vector formats #45457
Security hole in ghostscript. See https://www.kb.cert.org/vuls/id/332928
Are such settings overridable in the runtime in case of trusted Postscript file source (as in: verified MetaPost script) or reasonable isolation measures (as in: container-like isolation with no network access and no write access outside tmpfs)?
The policy is in
Well, I normally sandbox the entire program anyway, because who can trust a PDF viewer to be correct on files not created in a controlled way. Sandboxing just Ghostscript sounds like a nice plan, but it does seem that, for example, GIMP uses
OK, this makes it a bigger problem.
As far as I understand it, the only Maybe the correct solution for Nixpkgs is to mark ghostscript vulnerable?
Should we just close this PR in favor of a more complete "ghostscript sandbox" solution?
Not sure about feasibility of Ghostscript sandboxing with libgs, but I do think that with Nix dependency model the change in this PR is not very useful in practice.
Closing in favor of #46047
Motivation for this change
Prevent a security hole in ghostscript from being abused.
See https://www.kb.cert.org/vuls/id/332928 for more details
Things done
policy.xml disallowing conversion of PS/EPS/PDF/XPS files
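An added example (not code from this PR or from Nixpkgs): a small Python audit that reports which of the four Ghostscript-backed coders named in the description a given policy.xml still leaves usable. The two sample policies are constructed, and the evaluation rules used here (last matching entry wins, plain glob patterns, no entry means allowed) are assumptions about how ImageMagick applies coder policies.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Coders the PR description lists as handed to Ghostscript.
GHOSTSCRIPT_CODERS = ("PS", "EPS", "PDF", "XPS")

# Constructed sample: PDF is re-enabled and XPS is never mentioned.
WEAK_POLICY = """<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS"/>
  <policy domain="coder" rights="none" pattern="EPS"/>
  <policy domain="coder" rights="read|write" pattern="PDF"/>
</policymap>"""

# Constructed sample: all four coders denied.
HARDENED_POLICY = """<policymap>
  <policy domain="coder" rights="none" pattern="PS"/>
  <policy domain="coder" rights="none" pattern="EPS"/>
  <policy domain="coder" rights="none" pattern="PDF"/>
  <policy domain="coder" rights="none" pattern="XPS"/>
</policymap>"""


def coder_rights(policy_xml, coder):
    """Rights left for `coder`; None when no coder entry matches it.

    Assumption: the last matching entry wins and patterns are simple
    case-sensitive globs (brace lists such as {PS,EPS} are not expanded).
    """
    rights = None
    for entry in ET.fromstring(policy_xml).iter("policy"):
        if entry.get("domain", "").lower() != "coder":
            continue
        if fnmatch.fnmatchcase(coder, entry.get("pattern", "")):
            granted = {r.strip().lower() for r in entry.get("rights", "").split("|")}
            rights = granted - {"none", ""}
    return rights


def exposed_coders(policy_xml):
    """Ghostscript coders that are not explicitly denied every right."""
    return [c for c in GHOSTSCRIPT_CODERS if coder_rights(policy_xml, c) != set()]


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "->", exposed_coders(policy) or "all Ghostscript coders denied")
```

A clean result covers ImageMagick's own coders only; as the discussion above notes, other programs that use Ghostscript are not affected by this file.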