[OS X TeX] epspdftk 0.2.01
siepo at cybercomm.nl
Mon Aug 14 17:00:48 CEST 2006
On Mon, Aug 14, 2006 at 01:51:29PM +0200, Bruno Voisin wrote:
> Le 14 août 06 à 13:28, Siep Kroonenberg a écrit :
> >I solved the path problem by starting epspdftk via a terminal, which
> >is hidden rightaway and gets closed afterwards. This way, you get
> >the same search path as in Terminal.
> That's way out of my league, but wouldn't there be security
> implications here: when opened from an administrator account (mine
> is), malicious EPS files yielding arbitrary code execution with
> administrator rights inside the hidden terminal window?
> If that can't happen, please forget about that remark!
> Bruno Voisin
Malicious code generally won't announce itself in a terminal,
visible or not. Besides, the terminal window isn't very hidden; it
is visible as an icon in the right side of the dock, from where you
can unhide it. Plus, ghostscript mostly runs with the -dSAFER
option. So I don't think that the use of a terminal window has any
impact on security.
------------------------- Info --------------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
& FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Archive: http://tug.org/pipermail/macostex-archives/
More information about the macostex-archives