[tex-live] Re: [tex-k] secure mode of dvips should be default
Tue, 5 Jun 2001 12:11:19 -0700 (PDT)
> Date: Sun, 3 Jun 2001 10:12:20 +0200 (MET DST)
> From: Thomas Esser <email@example.com>
> To: J.D.Gilbey@qmw.ac.uk, firstname.lastname@example.org,
> Cc: email@example.com, firstname.lastname@example.org,
> Subject: Re: [tex-k] secure mode of dvips should be default

> > Xdvi implements such a trusted list, sort of. If xdvi encounters a
> > PostScript file whose name ends in .Z or .gz or .bz2, and if the first
> > 2-3 bytes of the file are the correct magic bytes for the file type,
> > then xdvi will automatically pass the file through uncompress or gunzip
> > or bunzip2 before processing it. IMHO, dvips should do the same
> > (and TeX, likewise, when getting bounding box information).
> > Comments, anyone?
> Even better would be to use libgz / libbz2 for decompression. No fork,
> no security problem.

As was noted earlier (by Stefan Ulrich, I believe), xdvi currently uses
fork/exec instead of popen or system, so I believe that all security issues
are already adequately addressed. With libraries, people will want to use
shared libraries, and I don't see much difference between shared libraries
and fork/exec from a security standpoint.
--Paul Vojta, email@example.com
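
The check-then-exec approach discussed in this thread, as an added example that is not part of the original message and is not xdvi's source: a file is treated as compressed only when both its suffix and its leading magic bytes match, and the fixed decompressor is started with fork/exec so no shell ever parses the file name. The names `ztypes`, `classify` and `decompress_to_fd` are hypothetical, and feeding the file on stdin with the `-c` flag is an assumption about how the decompressor would be invoked.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Trusted list: suffix, leading magic bytes, and the fixed program to run. */
struct ztype { const char *suffix; const char *magic; size_t mlen; const char *prog; };
static const struct ztype ztypes[] = {
    { ".Z",   "\x1f\x9d", 2, "uncompress" },
    { ".gz",  "\x1f\x8b", 2, "gunzip"     },
    { ".bz2", "BZh",      3, "bunzip2"    },
};

/* Return the matching entry only when BOTH the suffix and the first bytes
   agree; a .gz name on a plain PostScript file yields NULL. */
const struct ztype *classify(const char *name, const unsigned char *head, size_t n)
{
    size_t nl = strlen(name);
    for (size_t i = 0; i < sizeof ztypes / sizeof ztypes[0]; i++) {
        size_t sl = strlen(ztypes[i].suffix);
        if (nl > sl && strcmp(name + nl - sl, ztypes[i].suffix) == 0 &&
            n >= ztypes[i].mlen &&
            memcmp(head, ztypes[i].magic, ztypes[i].mlen) == 0)
            return &ztypes[i];
    }
    return NULL;
}

/* Run the fixed decompressor with the already opened file as stdin and
   out_fd as stdout. The argv is built from constants, so the file name
   never appears on a command line. Returns the exit status, or -1. */
int decompress_to_fd(const struct ztype *t, int in_fd, int out_fd)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (dup2(in_fd, STDIN_FILENO) < 0 || dup2(out_fd, STDOUT_FILENO) < 0)
            _exit(126);
        execlp(t->prog, t->prog, "-c", (char *)NULL);
        _exit(127);                     /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```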