[tex-k] secure mode of dvips should be default
Robin Fairbairns
Robin.Fairbairns@cl.cam.ac.uk
Sat, 02 Jun 2001 11:54:33 +0100
> Thanks for the email on dvips security!
>
> Can you explain why secure mode should be on by default?
> In other words, how might I run TeX and/or dvips over
> untrusted code? Provide me with a convincing attack
> scenario. A time bomb in some macro source somewhere that
> gets included into a distribution?

command-line interaction is (imo very sensibly) turned off by default
in the tex-k distributions. people _do_ distribute tex files for
people to execute (rather than distributing the ps or pdf), so there's
a potential attack from that facility.

but that same attack could in principle propagate to dvips -- someone
only has to include a special saying `rm -rf ~/* and ... pow!

i agree that off-by-default is what should appear in the
distributions.
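
An added example, not part of the message above or of dvips: a check a recipient could run on a DVI file from an untrusted source before handing it to dvips, listing the specials it carries and flagging any that contain a backtick. The function names and the sample bytes are constructed for illustration; the opcode layout is the standard DVI format.

```python
import struct

def _fixed_args(op):
    """Bytes of fixed-length arguments that follow a DVI opcode below 239."""
    if op <= 127 or 171 <= op <= 234:            # set_char_n, fnt_num_n
        return 0
    if op in (138, 140, 141, 142, 147, 152, 161, 166):  # nop eop push pop w0 x0 y0 z0
        return 0
    if op in (132, 137):                         # set_rule, put_rule
        return 8
    if op == 139:                                # bop: c0..c9 and previous-page pointer
        return 44
    for base in (128, 133, 143, 148, 153, 157, 162, 167, 235):
        if base <= op < base + 4:                # the 1..4 byte argument families
            return op - base + 1
    raise ValueError(f"unexpected DVI opcode {op}")

def find_specials(dvi):
    """Return the payload of every xxx1..xxx4 (\\special) before the postamble."""
    specials, i = [], 0
    while i < len(dvi):
        op = dvi[i]
        i += 1
        if 239 <= op <= 242:                     # xxx1..xxx4: length k, then k bytes
            n = op - 238
            k = int.from_bytes(dvi[i:i + n], "big")
            specials.append(dvi[i + n:i + n + k])
            i += n + k
        elif 243 <= op <= 246:                   # fnt_def1..4
            i += (op - 242) + 12                 # font number, checksum, two sizes
            i += 2 + dvi[i] + dvi[i + 1]         # a, l, then the a+l byte name
        elif op == 247:                          # pre
            i += 13                              # id, num, den, mag
            i += 1 + dvi[i]                      # k, then the k byte comment
        elif op >= 248:                          # post: pages are over
            break
        else:
            i += _fixed_args(op)
    return specials

def suspicious_specials(dvi):
    """Specials containing a backtick, the form quoted in the message above."""
    return [s.decode("latin-1") for s in find_specials(dvi) if b"`" in s]

def sample_dvi():
    """Constructed one-page DVI: one ordinary special, one backtick special."""
    pre = bytes([247, 2]) + struct.pack(">III", 25400000, 473628672, 1000) + b"\x04demo"
    bop = bytes([139]) + bytes(40) + struct.pack(">i", -1)
    xxx1 = lambda p: bytes([239, len(p)]) + p
    body = xxx1(b"papersize=210mm,297mm") + xxx1(b"`echo constructed-sample")
    return pre + bop + body + bytes([140, 248])
```

A truncated or malformed file raises `IndexError` or `ValueError` rather than returning a partial list, which is the safer outcome for input that is already untrusted.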