[tex-k] secure mode of dvips should be default

Paul Vojta vojta@math.berkeley.edu
Tue, 5 Jun 2001 12:11:19 -0700 (PDT)


> Date: Sun, 3 Jun 2001 10:12:20 +0200 (MET DST)
> From: Thomas Esser <te@informatik.uni-hannover.de>
> To: J.D.Gilbey@qmw.ac.uk, sebastian.rahtz@computing-services.oxford.ac.uk,
>         vojta@math.berkeley.edu
> Cc: tetex-pretest@informatik.uni-hannover.de, tex-k@mail.tug.org,
>         texlive@tug.org
> Subject: Re: [tex-k] secure mode of dvips should be default
> 
> > Xdvi implements such a trusted list, sort of.  If xdvi encounters a
> > PostScript file whose name ends in .Z or .gz or .bz2, and if the first
> > 2-3 bytes of the file are the correct magic bytes for the file type,
> > then xdvi will automatically pass the file through uncompress or gunzip
> > or bunzip2 before processing it.  IMHO, dvips should do the same
> > (and TeX, likewise, when getting bounding box information).
> > 
> > Comments, anyone?
> 
> Even better would be to use libgz / libbz2 for decompression. No fork,
> no security problem.

As was noted earlier (by Stefan Ulrich, I believe), xdvi currently uses
fork/exec instead of popen or system, so I believe that all security issues
are already adequately addressed.  With libraries, people will want to use
shared libraries, and I don't see much difference between shared libraries
and fork/exec from a security standpoint.

--Paul Vojta, vojta@math.berkeley.edu
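The thread above turns on two points: recognising a compressed PostScript file by both its suffix and its leading magic bytes, and handing it to the decompressor via fork/exec rather than popen or system so the file name never passes through a shell. The following is an added illustration written for this page, not xdvi's or dvips' own code. It assumes the decompressor names from the quoted message (uncompress, gunzip, bunzip2) and their `-c` option for writing to stdout; the magic values (0x1f 0x8b for gzip, 0x1f 0x9d for compress, "BZh" for bzip2) are those of the respective file formats.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

enum compression { COMP_NONE = 0, COMP_COMPRESS, COMP_GZIP, COMP_BZIP2 };

/* True if `name` ends with `suffix`. */
static int has_suffix(const char *name, const char *suffix)
{
    size_t n = strlen(name), s = strlen(suffix);
    return n >= s && strcmp(name + n - s, suffix) == 0;
}

/* Classify a file by its suffix AND the first bytes of its content (`head`,
   `len` bytes long).  Both must agree, as the quoted description of xdvi
   requires; a mismatch or a too-short header yields COMP_NONE. */
enum compression detect_compression(const char *name,
                                    const unsigned char *head, size_t len)
{
    if (has_suffix(name, ".gz") && len >= 2 && head[0] == 0x1f && head[1] == 0x8b)
        return COMP_GZIP;
    if (has_suffix(name, ".Z") && len >= 2 && head[0] == 0x1f && head[1] == 0x9d)
        return COMP_COMPRESS;
    if (has_suffix(name, ".bz2") && len >= 3 && memcmp(head, "BZh", 3) == 0)
        return COMP_BZIP2;
    return COMP_NONE;
}

/* Decompressor program for each type (names taken from the message above). */
const char *decompressor_program(enum compression c)
{
    switch (c) {
    case COMP_GZIP:     return "gunzip";
    case COMP_COMPRESS: return "uncompress";
    case COMP_BZIP2:    return "bunzip2";
    default:            return NULL;
    }
}

/* A path starting with '-' would be read as an option by the child even
   without a shell; prefix "./" so it is always taken as a file name. */
const char *option_safe_path(const char *path, char *buf, size_t buflen)
{
    if (path[0] != '-')
        return path;
    if (snprintf(buf, buflen, "./%s", path) >= (int)buflen)
        return NULL;                      /* buffer too small */
    return buf;
}

/* Open a read stream on the decompressed content using pipe/fork/execlp.
   The path is passed as one argv element: no shell ever parses it, so
   metacharacters in a file name cannot turn into commands (the property
   Paul attributes to xdvi's fork/exec approach).  Returns NULL on error. */
FILE *open_decompressed(enum compression c, const char *path)
{
    const char *prog = decompressor_program(c);
    char buf[4096];
    const char *arg = option_safe_path(path, buf, sizeof buf);
    int fds[2];
    pid_t pid;

    if (!prog || !arg || pipe(fds) == -1)
        return NULL;
    pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return NULL; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        execlp(prog, prog, "-c", arg, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);                        /* parent reads the child's output */
    return fdopen(fds[0], "r");
}

/* Stand-alone usage: print the first line of a (possibly compressed) file. */
int main(int argc, char **argv)
{
    unsigned char head[4];
    char line[256];
    FILE *f, *in;
    size_t n;
    if (argc != 2) { fprintf(stderr, "usage: %s file\n", argv[0]); return 2; }
    if (!(f = fopen(argv[1], "rb"))) { perror(argv[1]); return 1; }
    n = fread(head, 1, sizeof head, f);
    fclose(f);
    in = open_decompressed(detect_compression(argv[1], head, n), argv[1]);
    if (!in) in = fopen(argv[1], "r");    /* not compressed: read it directly */
    if (in && fgets(line, sizeof line, in)) fputs(line, stdout);
    if (in) fclose(in);
    wait(NULL);
    return 0;
}
```

The detection deliberately refuses a file whose suffix and magic bytes disagree, so a renamed or truncated file is simply treated as uncompressed PostScript rather than fed to a decompressor. The `main` only shows the calling pattern; the pure functions are what a caller would exercise in tests.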