[tex-k] secure mode of dvips should be default

[Stefan Ulrich]

janl  <janl@linpro.no> writes:

> The demans on our alertness with regard to what data we pass
> around to libraries is no less when we use a library than an external
> executable.   Has the library been audited, was it written assuming
> that the caller does all the needed sanity checks? What _are_ the
> sanity checks?  

Agreed.

> To be sure the system and popen calls have a notorious history, but it
> _is_ well known what we have to do to not make them holey.

Also note that we don't use system/popen at all, but fork/exec
directly, so we have no security problems with insecure shell
commands.

Regards
-- 
Stefan Ulrich