Ghostscript install - any security issues? - Knowledgebase

Portal Home > Knowledgebase > Articles Database > Ghostscript install - any security issues?

Ghostscript install - any security issues?

Posted by santrix, 09-11-2009, 01:02 PM
I'm running Cpanel servers under Centos 5.3. The setup is pretty much stock (just APF and BFD on top). I have had a few requests for Ghostscript to be made available, so I am looking into the security issues that might cause problems. Is anyone aware of any ongoing issues I should pay special attention to? Cheers Steve
Posted by ramnet, 09-11-2009, 04:05 PM
Ghostscript is a postscript and pdf library - useful for generating printer-friendly pages. It is not a security issue at all to install that for your clients.
Posted by santrix, 09-13-2009, 11:23 AM
Thanks. I know what it does in a broad sense, but I did come across some articles, and wondered if the issues documented were still relevant, as many of the articles seem to be reasonably old. Just google for "ghostscript security" and you will see a few of the messages I'm talking about. Steve
Posted by ramnet, 09-13-2009, 11:34 AM
Ah yes. I though by security you meant "will this compromise my server?" the answer is a resounding no. --- If by security you mean "is it possible for people to create malicious PostScript or PDF files?" then the answer will always be yes and there's nothing to be done about that. I would advise this: install it and keep it current with security patches just like any other software. If your server is fine then all is well then you have nothing to worry about. ghostscript is *very* low risk software - if it crashes it only affects that one user, if it overflows it only affects that one user, etc. Not much of anything can happen because of ghostscript that would impact the overall stability and security of the server.

Add to Favourites Print this Article