The new default behaviour prevents files relative to the current working directory being loaded at initialisation when -dSAFER is used-- this is great news. However, it also prevents these files being loaded after initialisation, leading to the sort of failure seen below. Is it possible to prevent non-system files being loaded during initialisation whilst retaining the ability to load CWD files after initialisation is finished? touch spiral.ps gs -dSAFER <<EOF (spiral.ps) (r) file EOF GPL Ghostscript 9.00 (2010-09-14) Copyright (C) 2010 Artifex Software, Inc. All rights reserved. This software comes with NO WARRANTY: see the file PUBLIC for details. GS>Error: /invalidfileaccess in --file-- Operand stack: (spiral.ps) (r) Execution stack: %interp_exit .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- --nostringval-- %loop_continue --nostringval-- --nostringval-- false 1 %stopped_push .runexec2 --nostringval-- --nostringval-- --nostringval-- 2 %stopped_push --nostringval-- Dictionary stack: --dict:1151/1684(ro)(G)-- --dict:0/20(G)-- --dict:77/200(L)-- Current allocation mode is local Last OS error: 11 Current file position is 21 GS<2>
1. gs is working as designed. A rogue PS program is prevented from snooping on the user's files. 2. v. 9.00 didn't introduce anything new in this respect. Earlier versions of gs report exactly the same error.
Sorry, this change of behaviour was introduced in 8.71, not 9.00. Is there any switch that can be used for a known-good PS program that wants to (a) read user files, and (b) operate safely during initialisation so that user files are not read until initialisation is complete?
Once 'SAFER' is set, the list of permitted directories is locked. Only by having a 'known good' PS file in a location that is acceptable to be accessed can the known good file be used by specifying that directory with the -I option on the command line. Ghostscript 9.00 is working as documented and as intended insofar as this behavior.