[Bi-users] Ghostscript temporarily disabled on Bi login nodes

Kent Engström kent at nsc.liu.se
Tue Aug 28 16:51:51 CEST 2018


Dear Bi Users,

there is a nasty bug in ghostscript (used to render postscript files in a
lot of different contexts) that makes it trivial to produce a postscript
file that will execute an arbitrary command as your user when you try to
just view the file (e.g. using evince), convert it (e.g. using ps2pdf)
etc.

In a desktop environment it is even nastier --- the arbitrary command
will be executed when the graphical file browser tries to render a
thumbnail image for the file (the demo exploit hides the postscript as a
TIFF file to trigger thumbnail rendering).


While we are waiting for fixed ghostscript packages from Red Hat /
CentOS we have decided to disable ghostscript on the login nodes of Bi
and similar clusters at NSC, where we think that there is some risk that
users may handle untrusted files from the web, email etc.

At the moment, we have chosen to keep ghostscript enabled on the compute
nodes. You may use them to handle your own trusted postscript files (for
example to convert a graph you just generated from PS to PDF), but
please do not start an interactive session on a node to handle untrusted
postscript files from somewhere else.


Best Regards,
-- 
Kent Engström, National Supercomputer Centre
kent at nsc.liu.se, +46 13 28 4444
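The message above explains why the demo exploit disguises PostScript as a TIFF: the file browser picks a thumbnailer by the filename, and the thumbnailer hands the contents to ghostscript. The script below is an added example, not code from NSC or from the original post, of the check a user could run over a download directory before opening anything on a node: it reads the first few kilobytes of each file, classifies the content by its leading bytes, and flags files whose content is PostScript (or PostScript-looking text) while the extension claims an image type. The file names, the sample file contents and the operator-based heuristic are constructed for the example; they are assumptions, not anything taken from the advisory or the exploit.

```python
"""
Flag files whose content is PostScript even though the filename claims an
image type such as TIFF.  Added example, not code from NSC or the original
post; the sample files, extension table and heuristics are assumptions.
"""
import os
import string
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Well-known header bytes.  Ghostscript does not require the "%!" header to
# interpret a file, so a header match is strong evidence but a miss proves
# nothing; the text heuristic below covers the header-less case.
POSTSCRIPT_HEADERS = (b"%!", b"\xC5\xD0\xD3\xC6")   # DSC text header / DOS EPS binary header
IMAGE_HEADERS = {
    "tiff": (b"II*\x00", b"MM\x00*"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
IMAGE_EXTENSIONS = {
    ".tif": "tiff", ".tiff": "tiff", ".png": "png",
    ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
}
PRINTABLE = set(string.printable.encode())
# Assumed indicator tokens for header-less PostScript: common operators.
PS_TOKENS = (b"showpage", b" def", b"findfont", b"moveto", b"lineto", b"stroke")


def sniff(head: bytes) -> str:
    """Classify leading bytes as 'postscript', an image type, or 'unknown'."""
    stripped = head.lstrip(b"\r\n\t ")           # some PS files start with whitespace
    if stripped.startswith(POSTSCRIPT_HEADERS):
        return "postscript"
    for kind, magics in IMAGE_HEADERS.items():
        if head.startswith(magics):
            return kind
    return "unknown"


def looks_like_postscript_text(head: bytes) -> bool:
    """Weaker heuristic: printable text carrying at least two PostScript operators."""
    if not head or any(b not in PRINTABLE for b in head):
        return False
    return sum(1 for tok in PS_TOKENS if tok in head) >= 2


def classify_bytes(filename: str, head: bytes) -> Tuple[str, str, str]:
    """Return (declared_kind, detected_kind, verdict) for a filename and its
    leading bytes.  Verdicts: 'disguised-postscript', 'suspicious-text',
    'mismatch', 'postscript' (honestly named PS/EPS) or 'ok'."""
    declared = IMAGE_EXTENSIONS.get(Path(filename).suffix.lower(), "other")
    detected = sniff(head)
    if detected == "postscript":
        verdict = "disguised-postscript" if declared != "other" else "postscript"
    elif declared != "other" and detected != declared:
        verdict = "suspicious-text" if looks_like_postscript_text(head) else "mismatch"
    else:
        verdict = "ok"
    return declared, detected, verdict


def assess(path: Path, head_size: int = 4096) -> Tuple[str, str, str]:
    """Read the head of a file and classify it."""
    with open(path, "rb") as fh:
        head = fh.read(head_size)
    return classify_bytes(path.name, head)


def scan(paths: Iterable[Path]) -> Dict[str, str]:
    """Map each file name to its verdict."""
    return {p.name: assess(p)[2] for p in paths}


def demo() -> Dict[str, str]:
    """Write constructed sample files into a temp dir, scan them, clean up."""
    samples = {   # constructed sample contents, not real exploit files
        "graph.ps": b"%!PS-Adobe-3.0\n/Helvetica findfont 12 scalefont setfont\n"
                    b"72 72 moveto (hello) show\nshowpage\n",
        "photo.tif": b"II*\x00\x08\x00\x00\x00" + b"\x00" * 16,   # minimal TIFF header
        "sneaky.tif": b"%!PS-Adobe-3.0\n%%BoundingBox: 0 0 100 100\n"
                      b"(renamed PostScript) pop\nshowpage\n",
        "headerless.tif": b"/x 1 def x x add pop showpage\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths: List[Path] = []
        for name, body in samples.items():
            p = Path(tmp) / name
            p.write_bytes(body)
            paths.append(p)
        return scan(paths)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} {verdict}")
```

A file flagged `disguised-postscript` is exactly the shape the demo exploit takes; `suspicious-text` catches PostScript that omits the `%!` header, since ghostscript will interpret it regardless. A legitimate DOS EPS with an embedded TIFF preview is also flagged, which is what you want here: ghostscript still processes it. The check is a triage aid, not a guarantee; on a login node with ghostscript disabled, or on a compute node for files you generated yourself, it is unnecessary, and for files from the web or email the safe answer remains not to render them on a node until fixed packages are installed.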


