Results 1 to 4 of 4
  1. #1
    Join Date
    Sep 2009
    Location
    UK Midlands
    Posts
    16

    Ghostscript install - any security issues?

    I'm running Cpanel servers under Centos 5.3.

    The setup is pretty much stock (just APF and BFD on top).

    I have had a few requests for Ghostscript to be made available, so I am looking into the security issues that might cause problems.

    Is anyone aware of any ongoing issues I should pay special attention to?

    Cheers

    Steve

  2. #2
    Join Date
    Apr 2009
    Location
    USA / UK
    Posts
    4,577
    Quote Originally Posted by santrix View Post
    I'm running Cpanel servers under Centos 5.3.

    The setup is pretty much stock (just APF and BFD on top).

    I have had a few requests for Ghostscript to be made available, so I am looking into the security issues that might cause problems.

    Is anyone aware of any ongoing issues I should pay special attention to?

    Cheers

    Steve
    Ghostscript is a postscript and pdf library - useful for generating printer-friendly pages.

    It is not a security issue at all to install that for your clients.
    RAM Host -- USA Premium & Budget Linux Hosting
    █ Featuring Powerful cPanel Shared Hosting
    █ & Premium Virtual Dedicated Servers
    Follow us on Twitter

  3. #3
    Join Date
    Sep 2009
    Location
    UK Midlands
    Posts
    16
    Thanks. I know what it does in a broad sense, but I did come across some articles, and wondered if the issues documented were still relevant, as many of the articles seem to be reasonably old.

    Just google for "ghostscript security" and you will see a few of the messages I'm talking about.

    Steve

  4. #4
    Join Date
    Apr 2009
    Location
    USA / UK
    Posts
    4,577
    Quote Originally Posted by santrix View Post
    Thanks. I know what it does in a broad sense, but I did come across some articles, and wondered if the issues documented were still relevant, as many of the articles seem to be reasonably old.

    Just google for "ghostscript security" and you will see a few of the messages I'm talking about.

    Steve
    Ah yes.

    I though by security you meant "will this compromise my server?"

    the answer is a resounding no.

    ---

    If by security you mean "is it possible for people to create malicious PostScript or PDF files?" then the answer will always be yes and there's nothing to be done about that.

    I would advise this: install it and keep it current with security patches just like any other software. If your server is fine then all is well then you have nothing to worry about.

    ghostscript is *very* low risk software - if it crashes it only affects that one user, if it overflows it only affects that one user, etc.

    Not much of anything can happen because of ghostscript that would impact the overall stability and security of the server.
    RAM Host -- USA Premium & Budget Linux Hosting
    █ Featuring Powerful cPanel Shared Hosting
    █ & Premium Virtual Dedicated Servers
    Follow us on Twitter

Similar Threads

  1. Security issues?
    By sytker in forum Hosting Security and Technology
    Replies: 3
    Last Post: 10-09-2006, 05:12 PM
  2. ghostscript on linux
    By koorb in forum Programming Discussion
    Replies: 5
    Last Post: 06-15-2003, 05:52 PM
  3. ISP security issues
    By F******Idiot in forum Hosting Security and Technology
    Replies: 2
    Last Post: 03-11-2003, 06:57 PM
  4. FTP security issues
    By mintz in forum Hosting Security and Technology
    Replies: 4
    Last Post: 02-03-2001, 04:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •