[tex-k] secure mode of dvips should be default
Paul Vojta
vojta@math.berkeley.edu
Tue, 5 Jun 2001 12:11:19 -0700 (PDT)
> Date: Sun, 3 Jun 2001 10:12:20 +0200 (MET DST)
> From: Thomas Esser <te@informatik.uni-hannover.de>
> To: J.D.Gilbey@qmw.ac.uk, sebastian.rahtz@computing-services.oxford.ac.uk,
> vojta@math.berkeley.edu
> Cc: tetex-pretest@informatik.uni-hannover.de, tex-k@mail.tug.org,
> texlive@tug.org
> Subject: Re: [tex-k] secure mode of dvips should be default
>
> > Xdvi implements such a trusted list, sort of. If xdvi encounters a
> > PostScript file whose name ends in .Z or .gz or .bz2, and if the first
> > 2-3 bytes of the file are the correct magic bytes for the file type,
> > then xdvi will automatically pass the file through uncompress or gunzip
> > or bunzip2 before processing it. IMHO, dvips should do the same
> > (and TeX, likewise, when getting bounding box information).
> >
> > Comments, anyone?
>
> Even better would be to use libgz / libbz2 for decompression. No fork,
> no security problem.

As was noted earlier (by Stefan Ulrich, I believe), xdvi currently uses
fork/exec instead of popen or system, so I believe that all security issues
are already adequately addressed. With libraries, people will want to use
shared libraries, and I don't see much difference between shared libraries
and fork/exec from a security standpoint.

--Paul Vojta, vojta@math.berkeley.edu
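
The mechanism discussed in this thread (a file is decompressed only when both its suffix and its leading magic bytes match, and the helper is started with fork/exec rather than popen or system), as an added example that is not xdvi's source and not part of the original message. The function names and the choice to feed the file on stdin are assumptions of this sketch; the magic values are the standard ones for compress, gzip and bzip2.

```c
/* Added example, not xdvi source; all names here are hypothetical. */
#include <fcntl.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct filter { const char *suffix; const char *prog; unsigned char magic[3]; size_t mlen; };

/* Fixed allowlist: suffix, decompressor, leading magic bytes. */
static const struct filter filters[] = {
    { ".Z",   "uncompress", { 0x1f, 0x9d, 0 }, 2 },
    { ".gz",  "gunzip",     { 0x1f, 0x8b, 0 }, 2 },
    { ".bz2", "bunzip2",    { 'B', 'Z', 'h' }, 3 },
};

/* Return the decompressor only if BOTH suffix and magic bytes match, else NULL. */
const char *decompressor_for(const char *name, const unsigned char *hdr, size_t n)
{
    size_t len = strlen(name);
    for (size_t i = 0; i < sizeof filters / sizeof filters[0]; i++) {
        const struct filter *f = &filters[i];
        size_t sl = strlen(f->suffix);
        if (len > sl && strcmp(name + len - sl, f->suffix) == 0 &&
            n >= f->mlen && memcmp(hdr, f->magic, f->mlen) == 0)
            return f->prog;
    }
    return NULL;
}

/* Run prog with a fixed argv: file on stdin, output to out_fd. No shell parses
   anything, and the file name never reaches a command line.
   Returns the child's exit status, or -1 on error. */
int run_decompressor(const char *prog, const char *path, int out_fd)
{
    int in_fd = open(path, O_RDONLY);
    if (in_fd < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (dup2(in_fd, STDIN_FILENO) < 0 || dup2(out_fd, STDOUT_FILENO) < 0) _exit(126);
        execlp(prog, prog, "-c", (char *)NULL);  /* program name comes from the table only */
        _exit(127);                              /* exec failed */
    }
    close(in_fd);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because `execlp` searches `PATH`, a caller that does not trust its environment would pass absolute paths in the table instead.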