tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkgsrc and security: xpdf example
I wonder if there is a "hardening" option for pkgsrc compiled packages
to disable some features.
I will take the example of xpdf.
For printing, it takes a command line. And the problem is that it just
takes a whatever command line and feed it to system(3).
Supposing one wants just to provide an user with a mean to display PDF
files, trying to limit the commands used by the user to just what is
explicitely defined. The ability to send arbitrary
commands is a problem.
So is there an option to generally disable this kind of features in
packages (supposing they are identified/known)?
FWIW, I attach a diff to suppress the ability in PDF to get a pure
viewer.
--
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
--- XPDFViewer.cc.orig 2018-04-12 08:24:50.000000000 +0200
+++ XPDFViewer.cc 2018-04-12 08:33:57.000000000 +0200
@@ -201,7 +201,7 @@
{ "postPopupMenu", 0, gFalse, gTrue, &XPDFViewer::cmdPostPopupMenu },
{ "prevPage", 0, gTrue, gFalse, &XPDFViewer::cmdPrevPage },
{ "prevPageNoScroll", 0, gTrue, gFalse, &XPDFViewer::cmdPrevPageNoScroll },
- { "print", 0, gTrue, gFalse, &XPDFViewer::cmdPrint },
+ { "print", 0, gFalse, gFalse, &XPDFViewer::cmdPrint },
{ "quit", 0, gFalse, gFalse, &XPDFViewer::cmdQuit },
{ "raise", 0, gFalse, gFalse, &XPDFViewer::cmdRaise },
{ "redraw", 0, gTrue, gFalse, &XPDFViewer::cmdRedraw },
@@ -265,7 +265,7 @@
initWindow(fullScreen);
initAboutDialog();
initFindDialog();
- initPrintDialog();
+ // initPrintDialog();
openDialog = NULL;
saveAsDialog = NULL;
@@ -325,7 +325,7 @@
initWindow(fullScreen);
initAboutDialog();
initFindDialog();
- initPrintDialog();
+ // initPrintDialog();
openDialog = NULL;
saveAsDialog = NULL;
@@ -1856,6 +1856,7 @@
XtSetArg(args[n], XmNbottomAttachment, XmATTACH_FORM); ++n;
XtSetArg(args[n], XmNmarginWidth, 6); ++n;
XtSetArg(args[n], XmNlabelString, emptyString); ++n;
+ /*
printBtn = XmCreatePushButton(toolBar, "print", args, n);
addToolTip(printBtn, "Print");
XtManageChild(printBtn);
@@ -1868,6 +1869,7 @@
XtSetArg(args[n], XmNbottomAttachment, XmATTACH_FORM); ++n;
XtSetArg(args[n], XmNmarginWidth, 6); ++n;
XtSetArg(args[n], XmNlabelString, emptyString); ++n;
+ */
aboutBtn = XmCreatePushButton(toolBar, "about", args, n);
addToolTip(aboutBtn, "About / help");
XtManageChild(aboutBtn);
@@ -1976,6 +1978,7 @@
#endif
popupMenu = XmCreatePopupMenu(core->getDrawAreaWidget(), "popupMenu",
args, n);
+ /*
n = 0;
s = XmStringCreateLocalized("Open...");
XtSetArg(args[n], XmNlabelString, s); ++n;
@@ -1995,6 +1998,7 @@
XtManageChild(btn);
XtAddCallback(btn, XmNactivateCallback,
&openInNewWindowCbk, (XtPointer)this);
+ */
n = 0;
s = XmStringCreateLocalized("Reload");
XtSetArg(args[n], XmNlabelString, s); ++n;
@@ -2006,6 +2010,7 @@
XtManageChild(btn);
XtAddCallback(btn, XmNactivateCallback,
&reloadCbk, (XtPointer)this);
+ /*
n = 0;
s = XmStringCreateLocalized("Save as...");
XtSetArg(args[n], XmNlabelString, s); ++n;
@@ -2014,6 +2019,7 @@
XtManageChild(btn);
XtAddCallback(btn, XmNactivateCallback,
&saveAsCbk, (XtPointer)this);
+ */
n = 0;
btn = XmCreateSeparator(popupMenu, "sep1", args, n);
XtManageChild(btn);
@@ -2277,6 +2283,7 @@
findDis_height,
fg, bg, depth),
NULL);
+ /*
XtVaSetValues(printBtn, XmNlabelType, XmPIXMAP,
XmNlabelPixmap,
XCreatePixmapFromBitmapData(display, XtWindow(toolBar),
@@ -2297,6 +2304,7 @@
printDis_height,
fg, bg, depth),
NULL);
+ */
XtVaSetValues(aboutBtn, XmNlabelType, XmPIXMAP,
XmNlabelPixmap,
XCreatePixmapFromBitmapData(display, XtWindow(toolBar),
@@ -2662,7 +2670,7 @@
#ifndef DISABLE_OUTLINE
viewer->setupOutline();
#endif
- viewer->setupPrintDialog();
+ // viewer->setupPrintDialog();
}
if (viewer->toolBar != None) {
Home |
Main Index |
Thread Index |
Old Index