[tex-k] secure mode of dvips should be default
Julian Gilbey
J.D.Gilbey@qmw.ac.uk
Sat, 2 Jun 2001 23:15:59 +0100
On Sat, Jun 02, 2001 at 11:27:05PM +0100, Sebastian Rahtz wrote:
> I have updated the texk sources in TeXLive so that dvips can be made
> secure against shell escapes by using the "z0" directive in config.ps
> (which is now the default in TeXLive). It can be overridden on the
> command-line with -R1. Confusing letters, but the history of dvips
> does not allow much else to be done.
What would be really nice would be three levels of security:

  -R0  no external commands executed
  -R1  only trusted commands executed, such as gs (it shouldn't be too
       hard for the wizards to come up with such a list of commonly used
       commands, and they should be called directly, not via a shell, to
       avoid the possibility of shell tricks)
  -R2  pass any `command special to a shell to handle

How feasible would this be?
Julian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, Queen Mary, Univ. of London
Debian GNU/Linux Developer, see http://people.debian.org/~jdg
Donate free food to the world's hungry: see http://www.thehungersite.com/