[wp-trac] [WordPress Trac] #47060: Site Health Check: unequivocal advice to install a Ghostscript interpreter needs reviewing
WordPress Trac
noreply at wordpress.org
Sat Apr 27 15:24:04 UTC 2019
#47060: Site Health Check: unequivocal advice to install a Ghostscript interpreter
needs reviewing
----------------------------+-----------------------------
Reporter: DavidAnderson | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: trunk
Severity: normal | Keywords:
Focuses: |
----------------------------+-----------------------------
If you don't have php-imagick installed, then the "Site Health Check"
feature will unequivocally advise you to install it for security. The
linked documentation mentions that you'll then get a Ghostscript parser
too.
Historically, the Ghostscript parser, being a very complex and powerful
interpreter, has had a number of security issues, and sites that have
allowed users to pass things to it have been open to remote code execution
issues. Given the complexity of the language and parser, the decision to
install this should not be presented as a straightforward win, and the
absence of this parser should not be presented as a "site health" issue.
At the very least, the user should have the trade-offs explained to make
an informed choice. But personally I'd just drop it from the advice.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47060>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list