697193 – status should check PermitFileReading

Bug 697193 - status should check PermitFileReading

Summary: status should check PermitFileReading

Status:	RESOLVED FIXED

Alias:	None

Product:	Ghostscript
Classification:	Unclassified
Component:	General (show other bugs)
Version:	9.20
Hardware:	PC Linux

Importance:	P4 minor
Assignee:	Chris Liddell (chrisl)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-10-05 08:54 UTC by Tavis Ormandy
Modified:	2016-10-08 09:14 UTC (History)
CC List:	1 user (show)

See Also:
Customer:
Word Size:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tavis Ormandy 2016-10-05 08:54:51 UTC

status doesn't require the filename to match PermitFileReading, I think this is a minor -dSAFER bug because it can leak the existence and size of filenames.

Comment 1 Chris Liddell (chrisl) 2016-10-08 09:14:42 UTC

Fixed in:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b60d50b7

Format For Printing
- XML
- Clone This Bug
- Top of page