toyplot icon indicating copy to clipboard operation
toyplot copied to clipboard

Published 20 hours ago verified publisher icon sandialabs

Issue 3: Ghostscript Invocation Inconsistencies and Reduced Sandbox

Open garland3 opened this issue 2 months ago • 0 comments

Issue 3: Ghostscript Invocation Inconsistencies and Reduced Sandbox

Severity: Medium

Summary

Toyplot invokes Ghostscript to rasterize PDF -> PNG. There are two issues:

  1. PATH-based command discovery without absolute path enforcement (risk of binary hijack in compromised environments).
  2. Inconsistent security flags: render() uses _gs_command plus -dSAFER; render_frames() hardcodes "gs" and omits -dSAFER.

Affected Component

File: toyplot/reportlab/png.py

  • _gs_command discovery loop
  • render() vs render_frames() command arrays

Impact

  • Potential execution of malicious gs earlier in PATH (local privilege boundaries may be crossed if Toyplot runs with elevated privileges).
  • Missing -dSAFER increases attack surface (historical Ghostscript sandbox escape CVEs could allow file read / write or code execution).

Root Cause

Lack of uniform command building logic & absent validation of resolved path.

Recommendation (Patch)

  1. Use shutil.which() to resolve an absolute path:
import shutil, os
_gs_command = None
for candidate in ["gs", "gswin64c", "gswin32c"]:
    path = shutil.which(candidate)
    if path:
        _gs_command = os.path.realpath(path)
        break
if _gs_command is None:
    raise EnvironmentError("Ghostscript executable not found.")
  1. Factor a helper to build the command list (ensuring -dSAFER or modern equivalent) and reuse in both render and render_frames.
  2. Replace hardcoded "gs" in render_frames() with _gs_command.

Optional Hardening

  • Reject world-writable directories in the resolved path when in a hardened mode.
  • Allow user override via environment variable (documented) with caution.

Verification Steps

  1. Before patch: rename a malicious script to gs earlier in PATH; observe execution path.
  2. After patch: tool uses absolute trusted path.
  3. Confirm both rendering functions include sandbox flags.

References

  • Ghostscript security advisories (CVE history)
  • Principle of least privilege & PATH hijacking (MITRE CWE-426)

Tracking

Labels: security, ghostscript, sandbox, medium-priority.

garland3 avatar Sep 27 '25 23:09 garland3