Index: dviwin.cpp
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/dviwin.cpp,v
retrieving revision 1.77.2.4
diff -u -r1.77.2.4 dviwin.cpp
--- dviwin.cpp	7 Dec 2002 23:15:00 -0000	1.77.2.4
+++ dviwin.cpp	8 Apr 2003 12:23:08 -0000
@@ -29,6 +29,7 @@
 #include <klocale.h>
 #include <kprinter.h>
 #include <kprocess.h>
+#include <kstddirs.h>
 
 #include "dviwin.h"
 #include "fontpool.h"
@@ -704,6 +705,28 @@
   // specials in PostScriptDirectory, and the headers in the
   // PostScriptHeaderString.
   PS_interface->clear();
+
+  // Files that reside under "tmp" or under the "data" resource are most
+  // likely remote files. We limit the files they are able to read to
+  // the directory they are in in order to limit the possibilities of a 
+  // denial of service attack.
+  bool restrictIncludePath = true;
+  QString tmp = KGlobal::dirs()->saveLocation("tmp", QString::null);
+  if (!filename.startsWith(tmp))
+  {
+     tmp = KGlobal::dirs()->saveLocation("data", QString::null);
+     if (!filename.startsWith(tmp))
+        restrictIncludePath = false;
+  }
+  
+  QString includePath;
+  if (restrictIncludePath)
+  {
+     includePath = filename;
+     includePath.truncate(includePath.findRev('/'));
+  }
+
+  PS_interface->setIncludePath(includePath);     
   
   // We will also generate a list of hyperlink-anchors in the
   // document. So declare the existing list empty.
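Review bot: The restriction is decided by a plain string-prefix test on `filename` (`if (!filename.startsWith(tmp))`), and every file outside the two KDE save locations falls through to `restrictIncludePath = false`. A downloaded DVI file saved anywhere else, or a path that is relative or reaches the same file through a symlink or `..`, is therefore rendered with unrestricted PostScript file reading. It would be safer to compare against a canonical absolute path, and to derive the directory with `includePath = QFileInfo(filename).dirPath(true);` rather than `findRev('/')` plus `truncate`, which leaves the whole file name in place when no slash is found. The comment also names denial of service, while what the code limits is which files embedded PostScript can read, so it should say that. The enclosing function starts and ends outside this hunk, so how `filename` is produced is not visible here.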
Index: psgs.cpp
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/psgs.cpp,v
retrieving revision 1.13
diff -u -r1.13 psgs.cpp
--- psgs.cpp	11 Jun 2001 13:40:16 -0000	1.13
+++ psgs.cpp	8 Apr 2003 12:23:08 -0000
@@ -54,6 +54,12 @@
   DiskCache->clear();
 }
 
+void ghostscript_interface::setIncludePath(const QString &_includePath) {
+  if (_includePath.isEmpty())
+     includePath = "*"; // Allow all files
+  else
+     includePath = _includePath+"/*";
+}
 
 void ghostscript_interface::setPostScript(int page, QString PostScript) {
   pageInfo *info = new pageInfo(PostScript);
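Review bot: An empty argument to `setIncludePath` is silently turned into the pattern `*`, so the unrestricted case is selected by an in-band sentinel. Any caller that ends up with an empty directory string for another reason gets full read access instead of none. Consider making the unrestricted case explicit, for example with a separate `bool` argument or member, and treating an empty path as "permit nothing". The directory is also concatenated into the pattern unescaped; if Ghostscript treats `*` and `?` inside PermitFileReading entries as wildcards, a directory name containing them would widen the match, which is worth confirming.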
@@ -120,11 +126,13 @@
   // Step 2: Call GS with the File
   KProcess proc;
   proc << "gs";
-  proc << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
+  proc << "-dSAFER" << "-dPARANOIDSAFER" << "-dDELAYSAFER" << "-dNOPAUSE" << "-dBATCH" << "-sDEVICE=png256";
   proc << QString("-sOutputFile=%1").arg(filename);
+  proc << QString("-sExtraIncludePath=%1").arg(includePath);
   proc << QString("-g%1x%2").arg(pixel_page_w).arg(pixel_page_h); // page size in pixels
   proc << QString("-r%1").arg(resolution);                       // resolution in dpi
-  proc << PSfile.name();
+  proc << "-c" << "<< /PermitFileReading [ ExtraIncludePath ] /PermitFileWriting [] /PermitFileControl [] >> setuserparams .locksafe";
+  proc << "-f" << PSfile.name();
   proc.start(KProcess::Block);
   PSfile.unlink();
 }
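Review bot: The result of `proc.start(KProcess::Block)` is still not checked, and that now matters because `-dDELAYSAFER` means the sandbox is only locked once the `-c` fragment reaches `.locksafe`. If that fragment fails, for instance on a Ghostscript build that lacks `.locksafe`, it is not visible from this hunk whether gs stops before processing the `-f` file or carries on without the restriction. Checking the outcome, e.g. `if (!proc.normalExit() || proc.exitStatus() != 0)` followed by discarding the output file, would make such a failure visible instead of silent. A short comment explaining why the three SAFER switches are combined with the `setuserparams` fragment would also help the next reader. The function begins outside this hunk.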
Index: psgs.h
===================================================================
RCS file: /home/kde/kdegraphics/kdvi/psgs.h,v
retrieving revision 1.3
diff -u -r1.3 psgs.h
--- psgs.h	11 Jun 2001 13:40:16 -0000	1.3
+++ psgs.h	8 Apr 2003 12:23:08 -0000
@@ -41,6 +41,9 @@
   // 
   void setPostScript(int page, QString PostScript);
 
+  // sets path from additional postscript files may be read
+  void setIncludePath(const QString &_includePath);
+
   // Returns the graphics of the page, if possible. The functions
   // returns a pointer to a QPixmap, or null. The referred QPixmap
   // should be deleted after use.
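Review bot: The comment added above `setIncludePath` is missing a word and leaves out the part of the contract that matters most to callers: an empty string lifts the restriction entirely. Something like `// Sets the directory from which additional PostScript files may be read; an empty string permits reading from any location.` would make the fail-open case visible at the declaration.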
@@ -63,6 +66,8 @@
   double                resolution;    // in dots per inch
   int                   pixel_page_w; // in pixels
   int                   pixel_page_h; // in pixels
+
+  QString               includePath;
 
 signals:
   /** Passed through to the top-level kpart. */