[tex-k] [email@example.com: RHN Errata Alert: Command execution
vulnerability in dvips]
Wed, 16 Oct 2002 01:03:41 +0900
> I am not sure whether this has been fixed or not.
> Further, I suspect it hasn't been.
system() is disabled by default in config.ps:
* Run securely (z: disable system call, z0: enable system call)
* overriden by -R0 and -R options, respectively.
Boolean secure = 1 ; /* make safe for suid */
in dvips.c will be better.
(Currently Boolean secure = 0 ; /* make safe for suid */)
If one invokes by -R0 option, system() is enabled.