Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.postscript > #3326
| From | Eli the Bearded <*@eli.users.panix.com> |
|---|---|
| Newsgroups | comp.lang.postscript |
| Subject | massive security hole in Ghostscript |
| Date | 2018-10-30 18:56 +0000 |
| Organization | Some absurd concept |
| Message-ID | <eli$1810301456@qaz.wtf> (permalink) |
Apparently it's trivally easy to break out of ghostscript's sandbox to get full write access to the host's filesystem through broken error handlers. https://www.openwall.com/lists/oss-security/2018/10/09/4 Elijah ------ probably other things that can be done outside of writing to disk
Back to comp.lang.postscript | Previous | Next | Find similar
massive security hole in Ghostscript Eli the Bearded <*@eli.users.panix.com> - 2018-10-30 18:56 +0000
csiph-web