[tex-k] secure mode of dvips should be default
Tomas G. Rokicki
rokicki@CS.Stanford.EDU
Fri, 1 Jun 2001 10:41:58 -0700 (PDT)
Thanks for the email on dvips security!
Can you explain why secure mode should be on by default?
In other words, how might I run TeX and/or dvips over
untrusted code? Provide me with a convincing attack
scenario. A time bomb in some macro source somewhere that
gets included into a distribution?
Certainly if someone embeds dvips into some sort of automatic,
MIME-driven viewer, yes, secure mode should be set on, but
for command-line use?
Thanks!
-tom