author | Ken Sharp <ken.sharp@artifex.com> | 2018-08-28 16:27:53 +0100 |
---|---|---|
committer | Ken Sharp <ken.sharp@artifex.com> | 2018-08-28 16:28:13 +0100 |
commit | 520bb0ea7519aa3e79db78aaf0589dae02103764 (patch) | |
tree | 415d859d2557e447824142d73a8d15c1b7c98728 | |
parent | 21ae2f8d9953ffe8d6c8f1b2bf72a14b54d50e74 (diff) |
Bug #699654 (again) and Bug #699677 Improve operator removal for SAFER
Take inspiration from the code to remove unused/dangerous operators
and, when SAFER is true, remove a bunch more non-standard operators
or routines.
In particular remove the .bindnow operator, which should have been
removed previously for Bug #699677 and remove the
.pushpdf14devicefilter for Bug #699654. Only the PDF interpreter
needs to use that, and the device in question only expects to be used
carefully and in the correct sequence. Make sure nobody can meddle with
it.
In addition I removed a number of other operators which are not needed
in normal operation. Some of them, however, are useful so these
(with the exception of .bindnow which is always removed) are only
undefined if SAFER is true.
This allows our QA procedure to continue to use them, which is
particularly important in the case of .makeoperator and .setCPSImode.
At a later date we may choose to move some of these into the regular
undefinition code, i.e. not dependent on SAFER.
-rw-r--r-- | Resource/Init/gs_init.ps | 36 |
1 files changed, 28 insertions, 8 deletions
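--- a/Resource/Init/gs_init.ps
+++ b/Resource/Init/gs_init.ps
@@ -2135,6 +2135,26 @@ readonly def
 % If we are running in SAFER mode, lock things down
 SAFER { .setsafeglobal } if
 
+/SAFERUndefinePostScriptOperators {
+[
+% Used by our own test suite files
+/.pushpdf14devicefilter % transparency-example.ps
+/.poppdf14devicefilter % transparency-example.ps
+/.setopacityalpha % transparency-example.ps
+/.setshapealpha % transparency-example.ps
+/.endtransparencygroup % transparency-example.ps
+/.setdotlength % Bug687720.ps
+/.sort /.setdebug /.mementolistnewblocks /getenv
+
+/.makeoperator /.setCPSImode % gs_cet.ps, this won't work on cluster with -dSAFER
+
+/unread
+]
+{systemdict exch .forceundef} forall
+
+//systemdict /SAFERUndefinePostScriptOperators .forceundef
+}bind def
+
 /UndefinePostScriptOperators {
 
 %% This list is of Display PostScript operators. We believe that Display PostScript
@@ -2214,7 +2234,7 @@ SAFER { .setsafeglobal } if
 %/.buildfotn32 /.buildfont42 /.type9mapcid /.type11mapcid /.swapcolors
 %/currentdevice /.quit /.setuseciecolor /.needinput /.setoverprintmode /.special_op /.dicttomark /.knownget
 %/.FAPIavailable /.FAPIpassfont /.FAPIrebuildfont /.FAPIBuildGlyph /.FAPIBuildChar /.FAPIBuildGlyph9
-%/.tempfile /.numicc_components /.set_outputintent /.max /.min /.shfill /.vmreclaim /.getpath /.setglobal
+%/.tempfile /.numicc_components /.set_outputintent /.max /.min /.vmreclaim /.getpath /.setglobal
 %/.setdebug /.mementolistnewblocks /getenv
 ]
 {systemdict exch .forceundef} forall
@@ -2244,13 +2264,6 @@ SAFER { .setsafeglobal } if
 /.setwordspacing /.currentwordspacing /.settexthscaling /.currenttexthscaling /.setPDFfontsize /.currentPDFfontsize
 /.setdistillerparams
 
-% Used by our own test suite files
-%/.pushpdf14devicefilter % transparency-example.ps
-%/.poppdf14devicefilter % transparency-example.ps
-%/.setopacityalpha % transparency-example.ps
-%/.setshapealpha % transparency-example.ps
-%/.endtransparencygroup % transparency-example.ps
-
 % undefining these causes errors/incorrect output
 %/.settextrenderingmode /.setblendmode /.begintransparencygroup /.settextknockout /check_r6_password /.setstrokeoverprint /.setfilloverprint
 %/.currentstrokeoverprint /.currentfilloverprint /.currentfillconstantalpha /.currentstrokeconstantalpha
@@ -2272,6 +2285,9 @@ SAFER { .setsafeglobal } if
 //systemdict /.delaybind {} .forceput % reclaim the space
 //systemdict /.bindnow .forceundef % ditto
 put
+SAFER {
+//systemdict /SAFERUndefinePostScriptOperators get exec
+} if
 //systemdict /UndefinePostScriptOperators get exec
 //systemdict /UndefinePDFOperators get exec
 //systemdict /.forcecopynew .forceundef % remove temptation
@@ -2385,6 +2401,9 @@ currentdict /.renderingintentdict .undef
 %% If we are using DELAYBIND we have to defer the undefinition
 %% until .bindnow.
 DELAYBIND not {
+SAFER {
+//systemdict /SAFERUndefinePostScriptOperators get exec
+} if
 //systemdict /UndefinePostScriptOperators get exec
 //systemdict /UndefinePDFOperators .forceundef
 } if
@@ -2395,6 +2414,7 @@ end
 { pop NOGC not { 2 .vmreclaim 0 vmreclaim } if
 } if
 DELAYBIND not {
+systemdict /.bindnow .undef % We only need this for DELAYBIND
 systemdict /.forcecopynew .undef % remove temptation
 systemdict /.forcedef .undef % ditto
 systemdict /.forceput .undef % ditto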
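Review bot: `SAFERUndefinePostScriptOperators` removes its own systemdict entry only from inside its body (new line 2155), and both call sites (new lines 2288-2290 and 2404-2406) run it only when SAFER is true, so without -dSAFER the procedure stays defined in systemdict unless something outside these hunks removes it. The surrounding init code takes care to undefine the `.force*` helpers afterwards, and a leftover procedure that may still hold a bound `.forceundef` works against that cleanup; I would drop the entry on the other branch too, e.g. `SAFER { //systemdict /SAFERUndefinePostScriptOperators get exec } { //systemdict /SAFERUndefinePostScriptOperators .forceundef } ifelse` at both sites. Separately, the `forall` body on new line 2153 looks up `systemdict` by name at run time while line 2155 uses `//systemdict`; using the immediate form in both places would keep the removal independent of the dictionary stack, which matters most on the DELAYBIND path where this runs from `.bindnow`. A short comment saying why `.sort`, `getenv` and `unread` are on the list would also help, since only the first six entries carry a rationale.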