[XeTeX] How to manually create the xelatex.fmt?
Susan Dittmar
Susan.Dittmar at gmx.de
Thu Oct 20 14:19:50 CEST 2011
Quoting Zdenek Wagner (zdenek.wagner at gmail.com):
> If the current version of TL is 2011 but the native packaged version
> in a Linux distro is 2007, are you sure that there are not bugs and
> security holes? Do you know how \write18 is handled? Are you sure that
> they do not allow \input /etc/passwd and \input /etc/shadow? It is
> disabled by me in my TL based server side applications.
Valid questions, but, as I understand, not the kind of TeX service Chris
provides. You are talking about giving access to TeX engine on your machine
to someone coming from remote. Chris' customers use their own TeX engine on
their own computer/server. Chris doesn't have any control over this TeX
engine. Maybe Chris could invest thoughts about preventing users to input
code (product names, product descriptions and such) containing potentially
problematic TeX commands (like the dreaded \write18), but that's a
completely different toppic from the aspects of using TeX as backbone to
accounting software discussed up to now. It might even be moot unless the
accounting software grants permissions the user doesn't already have.
Susan
More information about the XeTeX
mailing list