On 12/28/05, <b class="gmail_sendername">Gerben Wierda</b> <<a href="mailto:Gerben.Wierda@rna.nl">Gerben.Wierda@rna.nl</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 28 Dec 2005, at 12:31, Lars Madsen wrote:<br><br>>> In the dvips info manual, the very short description for z only says<br>>> that it is the same as the commandline switch -R, and there you<br>>> have the
<br>>> explanation. But you are right, it should also be in <a href="http://config.ps">config.ps</a>.<br>>><br>><br>> And I think it sould have been in the TeXLive documentation, since<br>> this is something that has changed from last year.
<br><br>I discussed this (with Karl I think) a while back and proposed a<br>change. Currently, not only absolute paths are not permitted but also<br>relative paths going up. That plays havoc with people having layouts<br>
like<br><br>.../chapters<br>.../images<br><br>because the inclusions would be of the form ../images/foo.eps<br><br>I suggested that default behaviour would accept relative but not<br>absolute paths (as these can be used to read system information in a
<br>reliable way) and of course not the shell escapes.</blockquote><div><br>If you block absolute paths then you have to block relative paths like [../]^N for N <br>
larger than the current depth, since those are effectively the same as absolute <br>
paths. Where security is concerned, simplicity is an advantage, so I don't see a <br>
reason to change from the current behaviour. <br>
<br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">I still have to make that change to dvips, but I will when we have<br>moved away from p4.
<br><br>Unless of course everybody else thinks this is a bad idea.</blockquote><div><br>I think it is a bad idea, but then I tend to think dvi-anything that requires<br>maintenance is a bad idea. I hardly ever use dvi anymore except to track
<br>down other people's problems. If we make dvips secure enough so it can't do<br>anything useful then people will stop bothering me.<br><br>My pdftex-1.30.5 handles images with absolute paths -- is there a mechanism<br>
to block absolute and upwards relative paths in pdftex?<br><br>Time might be better spent considering how to deal with absolute paths in<br>pdftex and/or improving the documentation.<br><br><b><span id="_user_tex-live@tug.org">
<span style="font-weight: bold;"></span></span></b></div></div>-- <br>George N. White III <<a href="mailto:aa056@chebucto.ns.ca">aa056@chebucto.ns.ca</a>><br>Head of St. Margarets Bay, Nova Scotia