[tex-k] [rhn-admin@rhn.redhat.com: RHN Errata Alert: Command execution vulnerability in dvips]
Akira Kakuto
kakuto@fsci.fuk.kindai.ac.jp
Wed, 16 Oct 2002 01:03:41 +0900
> I am not sure whether this has been fixed or not.
>
> Further, I suspect it hasn't been.
system() is disabled by default in config.ps:

* Run securely (z: disable system call, z0: enable system call)
* overriden by -R0 and -R options, respectively.
z
*

Boolean secure = 1 ; /* make safe for suid */
in dvips.c would be better.
(Currently Boolean secure = 0 ; /* make safe for suid */)
If one invokes dvips with the -R0 option, system() is enabled.
--
Akira Kakuto