[texhax] On \centerline, etc. (AMS LaTeX)

Reinhard Kotucha reinhard.kotucha at web.de
Sun Oct 7 04:35:04 CEST 2012 

On 2012-10-06 at 23:05:28 +0200, Uwe LŸck wrote:

 > Am Donnerstag, den 27.09.2012, 10:02 -0400 schrieb Michael Barr:
 > > I looked at the reference cited by Uwe
 > > Lueck and found the following sentence:
 > > 
 > > "But in the case of \matrix,\pmatrix, \cases this was a 
 > > mistakeÑthe plain.tex syntax for them is decidedly non-LATEX 
 > > in style, for example the fact that they use \cr instead 
 > > of \\ to mark line breaks, and they donÕt use \begin and \end."
 > 
 > This is from technote.pdf that in fact Ulrike Fischer pointed to,
 > 
 >     http://tug.org/pipermail/texhax/2012-September/019740.html
 > 
 > rather belonging to the enemy alliance.
 > 
 > > So the reason is that is decidedly non-latex in style and (my own take):
 > > we cannot allow mixing of latex and non-latex.
 > 
 > Indeed (from technote.pdf):
 > 
 >     The problem is that when LATEX was originally created, 
 >     it adopted most of its mathematics features straight 
 >     from plain.tex. But in the case of \matrix, \pmatrix, 
 >     \cases this was a mistakeÑthe plain.tex syntax for them 
 >     is decidedly non-LATEX in style.
 > 
 > Ð "a mistake", boldly. It is a "mistake" in my view to confuse 
 > /support/ of the typical LaTeX syntax with /restriction/ to the
 > latter. The argument seems to be that /support/ without 
 > /restriction/ is a kind of "intentional inconsistency". 
 > I cannot find the English words for German "inkonsequent" 

http://www.dict.cc/deutsch-englisch/ says:

  inconsistent           inkonsequent
  inconsequential        inkonsequent
  inconsequent           inkonsequent
  inconsistently         inkonsequent
  nonsequential          inkonsequent

 > and "wer A sagt, muss auch B sagen", 

  In for a penny, in for a pound.     Wer A sagt, muss auch B sagen.
  You must finish what you start.     Wer A sagt, muss auch B sagen.

However, I think that the discussion about LaTeX2e isn't overly
helpful because it's frozen forever.  LaTeX developers are working on
LaTeX3 now and I'm convinced that it will be much more consistent.

 > deceptive tricks to convince stupid people in political
 > affairs. However, I consider it OK, as others have done in the
 > discussion, if a publisher or journal in fact /restricts/ markup
 > syntax in submissions.
 > 
 > For that purpose, it may be a good idea to redefine Plain TeX 
 > macros or even some primitives so they produce error messages 
 > saying "Please replace #1 by ... according to the guidelines 
 > for submissions". 

This is at least partly done by the onlyamsmath package and I suppose
that l2tabu has the same goal.

 > However, it may be difficult to defeat the Plain TeX guerilla for
 > good, who will reintroduce Plain TeX constructs by \newcommand
 > under new names, such as \xirtam.

If they exactly know what they are doing, it's probably not a big
problem.

 > I have just started to think how you can attack the journal's LaTeX
 > guard in your submission, and how the guard in turn can protect the
 > journal from certain types of Plain TeX attacks in advance, and
 > what new types of attacks could be invented ... finally you might
 > submit something not for the reputation of getting something
 > published, rather just for enjoying a successful Plain TeX attack.

I'm not convinced that Plain TeX is less secure than LaTeX.  As you
said yourself, there is \newcommand.  TeX Live provides protection
already:

  shell_escape.tex = f
  shell_escape.initex = f

  % Allow TeX \openin, \openout, or \input on filenames starting with `.'
  % (e.g., .rhosts) or outside the current tree (e.g., /etc/passwd)?
  % a (any)        : any file can be opened.
  % r (restricted) : disallow opening "dotfiles".
  % p (paranoid)   : as `r' and disallow going to parent directories, and
  %                  restrict absolute paths to be under $TEXMFOUTPUT.
  openout_any = p
  openin_any = a

Since files in parent directories cannot be [over]written, it's safe
to put non-trusted stuff into subdirs and load it with
\include{dir/file}.  The default setting of openin_any is quite
insecure, it's easy enough to write TeX code which puts your private
ssh key into a PDF file, even invisibly.  If you have to process
material from people you don't trust, it's advisable to change this
setting.

You, as a TeX programmer, probably have something different in mind:
If a publisher has to \include many files, one file could break files
included later.  This can be solved by including each file within a
group, but I'm not sure whether it's safe to \let\aftergroup\relax.
Not to mention \global, \globaldefs, ...

I'm leaving for EuroTeX-2012 in a few hours and will be offline until
next weekend.

Regards,
  Reinhard

-- 
----------------------------------------------------------------------------
Reinhard Kotucha                                      Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover                              mailto:reinhard.kotucha at web.de
----------------------------------------------------------------------------
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.
----------------------------------------------------------------------------

More information about the texhax mailing list