Bug#316154: [tex-live] Re: Bug#316154: texmf.cfg: Close possible
security problem
Hilmar Preusse
hille42 at web.de
Sat Aug 27 12:57:19 CEST 2005
On 21.08.05 Karl Berry (karl at freefriends.org) wrote:
Hi Karl,
> % The default settings are not secure when you process LaTeX files of
> % possibly doubtful origin. In this case, set openin_any = p.
>
> I'm not too excited about putting such a vague and alarmist message
> into texmf.cnf. I have no objection to putting in something more
> specific,
>
I'll think about that and try to rephrase that.
> What's the scenario where this is a problem again? If we're talking
> about some hypothetical web interface which allows generic
> uploading/running tex/displaying back, that's not a good idea for
> lots of other reasons, too.
>
Well, the submitter spoke about some mal code sent to somebody, who
calls it and the LaTeX file does something really bad. I don't know
how realistic that scenario is. Well, normally I don't read very long
documnents before processing them....
> > I've no clue if that will really help many people,
>
> I agree with you that 99% of users (at least) will never see a note in
> texmf.cnf, but we could write a couple of sentences in the
> documentation, if we can come up with something useful to say (even if
> just to point to when this question arises in the future).
>
Agreed. Where can I find the docs for texmf.cnf?
Regards,
Hilmar
--
sigmentation fault
More information about the tex-live
mailing list