36bbd7a6ad
Security fixes for CVE-2024-33869 bsc#1226946 and CVE-2023-52722 bsc#1223852 and CVE-2024-33870 bsc#1226944 and CVE-2024-33871 bsc#1225491 and CVE-2024-29510 bsc#1226945 for ghostscript and ghostscript-mini OBS-URL: https://build.opensuse.org/request/show/1184312 OBS-URL: https://build.opensuse.org/package/show/Printing/ghostscript?expand=0&rev=179
33 lines
983 B
Diff
33 lines
983 B
Diff
From 0d58bab5cdc7e76d7220ce441d39812c85329ba2 Mon Sep 17 00:00:00 2001
|
|
From: Martin Wilck <mwilck@suse.com>
|
|
Date: Fri, 8 Mar 2019 12:01:13 +0100
|
|
Subject: [PATCH] ijs: ijs_exec_server(): don't use "sh"
|
|
|
|
If ghostscript is confined using security profiles, executing "sh"
|
|
must be obviously avoided. So, try to exec the IJS server binary
|
|
directly. This should enable security profile writers to select
|
|
which IJS binaries to allow.
|
|
|
|
Signed-off-by: Martin Wilck <mwilck@suse.com>
|
|
---
|
|
ijs/ijs_exec_unix.c | 3 ---
|
|
1 file changed, 3 deletions(-)
|
|
|
|
diff --git a/ijs/ijs_exec_unix.c b/ijs/ijs_exec_unix.c
|
|
index 6225694..e775dc3 100644
|
|
--- a/ijs/ijs_exec_unix.c
|
|
+++ b/ijs/ijs_exec_unix.c
|
|
@@ -70,9 +70,6 @@ ijs_exec_server(const char *server_cmd, int *pfd_to, int *pfd_from,
|
|
argv[i++] = "gdb";
|
|
#endif
|
|
|
|
- argv[i++] = "sh";
|
|
- argv[i++] = "-c";
|
|
-
|
|
argv[i++] = (char *)server_cmd;
|
|
argv[i++] = NULL;
|
|
status = execvp (argv[0], (char * const *)argv);
|
|
--
|
|
2.21.0
|
|
|