[tex-k] secure mode of dvips should be default

Sebastian Rahtz sebastian.rahtz@computing-services.oxford.ac.uk
Sun, 3 Jun 2001 13:07:40 +0100


Julian Gilbey writes:
 > What would be really nice would be three levels of security:
 > 
 > -R0  no external commands executed
 > 
 > -R1  only trusted commands executed, such as gs (it shouldn't be too
 >      hard for the wizards to come up with such a list of commonly used
 >      commands, and they should be called directly, not via a shell, to
 >      avoid the possibility of shell tricks)
 > 
 > -R2  pass any `command special to a shell to handle
 > 
 > How feasible would this be?

I don't think it's needed. The only sensible daily use for the commands
is decompression, better done by linking in the right libraries. The
concept of "trusted commands" is too woolly (in my opinion).

sebastian
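
An added illustration of the three levels proposed in the quoted message, not code from dvips or from either author. The names `decide`, `split_argv`, the `action` enum and the one-entry allowlist are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical actions mirroring the proposed -R0 / -R1 / -R2 levels. */
enum action { DENY = 0, EXEC_DIRECT = 1, PASS_TO_SHELL = 2 };

/* Assumed allowlist; the thread names only gs as an example. */
static const char *const trusted[] = { "gs", NULL };

/* Split cmd on blanks into argv, in place. Quoting, globbing and
   expansion are not interpreted, which is the point of bypassing the
   shell. Returns argc, or -1 if there are too many words. */
static int split_argv(char *cmd, char *argv[], int max)
{
    int argc = 0;
    for (char *tok = strtok(cmd, " \t"); tok; tok = strtok(NULL, " \t")) {
        if (argc >= max - 1) return -1;
        argv[argc++] = tok;
    }
    argv[argc] = NULL;
    return argc;
}

/* Decide what to do with the text that follows the backtick in a special.
   On EXEC_DIRECT, argv is ready for execvp(argv[0], argv). */
enum action decide(int level, char *cmd, char *argv[], int max)
{
    if (level <= 0) return DENY;            /* -R0: run nothing */
    if (level >= 2) return PASS_TO_SHELL;   /* -R2: shell sees cmd as is */
    if (split_argv(cmd, argv, max) < 1) return DENY;
    /* A path component would let the input file pick its own binary. */
    if (strchr(argv[0], '/')) return DENY;
    for (int i = 0; trusted[i]; i++)
        if (strcmp(argv[0], trusted[i]) == 0) return EXEC_DIRECT;
    return DENY;
}

int main(void)
{
    char cmd[] = "gs -q file.ps; touch x";  /* constructed sample */
    char *argv[8];
    printf("action=%d argv[2]=%s\n", decide(1, cmd, argv, 8), argv[2]);
    return 0;
}
```

The check covers only the program name. Whatever the allowed program does with its arguments is outside this policy.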