RootCause: unvalidated

gsijs_open (devices/gdevijs.c) passes the user-controlled IjsServer string directly to ijs_invoke_server (fork+exec) and forwards the OutputFile (ijsdev->fname). Tension: there is no gp_validate_path / SAFER check. Outcome: even with -dSAFER, an attacker can supply ../ traversal or any absolute path.
