[texworks] Project Management type stuff

Reinhard Kotucha reinhard.kotucha at web.de
Sat Oct 16 03:18:15 CEST 2010

On 16 October 2010 Paul A Norman wrote:

 > Thank you Reinhard,
 > This has been put forward to me on another forum...
 > > Putting it more crudely, if you specify a relative, absolute, or
 > > partial path in a \usepackage command, LaTeX will try to obey it,
 > > and won't use texmf.cnf.

Kpathsea is built into the binaries.  Thus, LaTeX can't avoid texmf.cnf.
All \input, \openin, and \openout primitives are caught by kpathsea
and access is granted if settings in texmf.cnf are appropriate.

 > However from what you are saying, it would appear that a flag has to
 > be set in  texmf.cnf?

By default there is no restriction when *reading* files because
openin_any is set to "a" (any).  You don't have to change anything if
all you need is \input{../foo.tex}.

If the administrator sets openin_any=p (p=paranoid) in texmf.cnf,
you'l get the error message:

  pdflatex: Not reading from ../foo.tex (openin_any = p).

  ! LaTeX Error: File `../foo.tex' not found. 

Please note that the first error message comes from the engine
(pdflatex/kpathsea) and the second one from LaTeX.  LaTeX doesn't see
the file and even doesn't know why.

Even if you allow to read files in dot-directories, you get a warning
message when you are loading LaTeX macro packages via \usepackage.


  LaTeX Warning: You have requested package `../parskip',
               but the package provides `parskip'.

 > And I take it that texmf.cnf. is an essential part of all LaTeX
 > distros?

It's part of all Web2c based distros.  There is certainly something
like texmf.cnf in MikTeX, though it might have another name and a
different syntax.
 > Is it concievable that a dedicated procedure in C++ level of
 > TeXWorks could, if it proves necessary, alter these flags at a
 > User's specific request?

With TeX Live's default settings it's not necessary.  You can already
read all files.  And if the admin sets openin_any=p, he might have a
good reason.  There is always a tradeoff between convenience and
security and I think that if the admin chooses a more restrictive
setting, it shouldn't be circumvented by programs like TeXworks.

It's easy enough, at least, to write a LaTeX file which includes your
private ssh keys as a PDF attachment.  Yes, even granting read access
to arbitrary files can be very dangerous.


Reinhard Kotucha			              Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover	                      mailto:reinhard.kotucha at web.de
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.

More information about the texworks mailing list