From 885444fcbe10dc42787ecb76686c8ee4dd33bf33 Mon Sep 17 00:00:00 2001 From: Ken Sharp <ken.sharp@artifex.com> Date: Tue, 20 Aug 2019 10:10:28 +0100 Subject: make .forceput inaccessible Bug #701343, #701344, #701345 More defensive programming. We don't want people to access .forecput even though it is no longer sufficient to bypass SAFER. The exploit in #701343 didn't work anyway because of earlier work to stop the error handler being used, but nevertheless, prevent access to .forceput from .setuserparams2. diff --git a/Resource/Init/gs_lev2.ps b/Resource/Init/gs_lev2.ps index 4cc7f820f..0fd416465 100644 --- a/Resource/Init/gs_lev2.ps +++ b/Resource/Init/gs_lev2.ps @@ -158,7 +158,7 @@ end { pop pop } ifelse - } forall + } executeonly forall % A context switch might have occurred during the above loop, % causing the interpreter-level parameters to be reset. % Set them again to the new values. From here on, we are safe, @@ -229,9 +229,9 @@ end { pop pop } ifelse - } + } executeonly forall pop -} .bind odef +} .bind executeonly odef % Initialize the passwords. % NOTE: the names StartJobPassword and SystemParamsPassword are known to diff --git a/Resource/Init/gs_pdfwr.ps b/Resource/Init/gs_pdfwr.ps index c158a8faf..422e66e1a 100644 --- a/Resource/Init/gs_pdfwr.ps +++ b/Resource/Init/gs_pdfwr.ps @@ -658,11 +658,11 @@ currentdict /.pdfmarkparams .undef systemdict /.pdf_hooked_DSC_Creator //true .forceput } executeonly if pop - } if + } executeonly if } { pop } ifelse - } + } executeonly { pop } ifelse
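Review bot: The `executeonly` added at `} executeonly forall` (first gs_lev2.ps hunk) has no comment saying why the attribute is there, and the same holds for `} executeonly` and `} .bind executeonly odef` in the second gs_lev2.ps hunk and for both additions in gs_pdfwr.ps. Going by the commit message, the attribute is what keeps procedures that reach `.forceput` from being read back, so a later cleanup that drops it would silently undo the hardening. A one-line comment at each of these closing braces would make that explicit, for example `% executeonly: this procedure reaches .forceput and must not be readable`. The procedure body starts outside the hunk, so where `.forceput` is used inside it is not visible here.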
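Review bot: Marking the `forall` body and the operator procedure at `} executeonly` and `} .bind executeonly odef` does not cover procedures nested inside that body, because `executeonly` applies only to the one array object it is given and is not inherited by nested arrays. The branch procedures ahead of `ifelse` start outside this hunk, so it cannot be seen whether the branch that reaches `.forceput` carries its own `executeonly`, as the inner `} executeonly if` in gs_pdfwr.ps does. If it does not, close that branch the same way, `} executeonly`. The same check applies to the body closed by `} executeonly forall` in the first gs_lev2.ps hunk.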
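Review bot: The context line `systemdict /.pdf_hooked_DSC_Creator //true .forceput` uses `.forceput` only to record a boolean flag in systemdict, and every enclosing procedure level then needs `executeonly` (two are added here, one was already present) to keep that operator out of reach. Keeping the flag in a dictionary that is writable at this point would let this site use a plain `put` and remove the need for the attribute chain. Whether such a dictionary is available cannot be told from the hunk, since the enclosing definition starts outside it. If the flag has to stay in systemdict, a comment at the outermost `} executeonly` naming what it protects would help, e.g. `% executeonly: encloses the .forceput on .pdf_hooked_DSC_Creator`.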