[tex-k] secure mode of dvips should be default

Thomas Esser te@informatik.uni-hannover.de
Sun, 3 Jun 2001 10:12:20 +0200 (MET DST)


> Xdvi implements such a trusted list, sort of.  If xdvi encounters a
> PostScript file whose name ends in .Z or .gz or .bz2, and if the first
> 2-3 bytes of the file are the correct magic bytes for the file type,
> then xdvi will automatically pass the file through uncompress or gunzip
> or bunzip2 before processing it.  IMHO, dvips should do the same
> (and TeX, likewise, when getting bounding box information).
> 
> Comments, anyone?

Even better would be to use libgz / libbz2 for decompression. No fork,
no security problem.

Thomas