Security in xdvik, was: Re: [tex-k] secure mode of dvips should be default
Stefan Ulrich
ulrich@cis.uni-muenchen.de
Sat, 2 Jun 2001 19:34:01 +0200
Sebastian Rahtz <sebastian.rahtz@computing-services.oxford.ac.uk> writes:
> I just need to compile it all and test... (I am doing this because I
> am also integrating the latest T1-aware xdvik into TeXLive. Does the
> same problem occur in xdvi?)
You mean, with shell escapes being enabled by default?
This is not the case with xdvi(k); they are disabled by
default (`-allowshell' enables them). I've just checked it:
the description in the man page reflects the actual
implementation ;-)
The source special feature has no known security issues
either (no shell commands are used to invoke the editor,
but explicit forks).
Best regards
--
Stefan Ulrich